What is a Trojan Horse?
A Trojan Horse is a type of malware that is downloaded onto a computer disguised as a legitimate program or hidden within legitimate software. In all Trojan Horse cases, the attacker uses social engineering to slip malicious code into a piece of software and gain access to the targeted user’s system.
Thus, this malware type is often disguised as an email or a free-to-download file attachment and then transferred onto the user’s device. Once the file is downloaded, the malicious code executes the tasks the attacker designed it for, such as gaining backdoor access to corporate systems, spying on users’ online activity, or stealing sensitive data.
Indications of a Trojan being active on a device include unusual activity, such as computer settings changing unexpectedly.
Although a Trojan Horse is a type of malware, it is neither a computer virus nor a computer worm. A virus is a file infector that can self-replicate and spread by attaching itself to another program. Computer viruses do not always cause harm. However, hackers can create malicious programs to create and move files, erase files, or consume the memory space of an endpoint. Those actions can cause endpoints to malfunction.
A worm spreads via its own means, but it is similar to a virus in that it can also self-replicate and wreak havoc on your system. Computer worms go through the hard drive and memory space of a computer or device. A worm does not change any files, but it is a type of virus that can multiply itself. Nonetheless, worms can still cause harm by consuming all of the available memory or hard disk space on an endpoint.
A Trojan Horse is different from a virus or a worm because Trojan Horses can’t replicate themselves, nor can they reproduce without help from an end user. That’s why cybercriminals use social engineering tactics to trick users into executing the malware. Typically, the malware is hidden inside an authentic-looking email attachment or free download. When a user clicks on the email attachment or downloads the free program, the malware is transferred to their device. Once inside, it can execute whatever task the attacker designed it to carry out.
How does a Trojan Horse work?
Computers cannot become infected with a Trojan Horse by themselves; they need a user to download the server-side part of an application after being infected by the executable file.
Trojan Horse malware is spread through spam that sends malicious attachments to as many people as possible. When the malicious extension or application is downloaded, the server will install and automatically run every time the infected device is turned on.
Devices can also be infected by Trojan software through social engineering tactics. Cybercriminals use these tactics to trick their targeted users into downloading an application that contains malware. The malicious file could be hidden in pop-up advertisements, links, or banner advertisements.
Hackers can also use mobile malware to attack smartphones and tablets. This can be done by redirecting traffic to devices connected to Wi-Fi networks and then using those devices to launch cyberattacks.
Symptoms of a Trojan Horse
Trojan infections can come in many forms. You could be infected by malware hidden in free software, a browser ad, or an app you think is safe but is actually dangerous. A few examples of unwise user behavior that can lead to a Trojan infection are as follows:
- Downloading a free program that you haven’t researched can be dangerous. You might end up with a Trojan on your computer.
- Opening attachments you weren’t expecting. Sometimes you get an email with what looks like an important attachment, like a delivery receipt or an invoice, but when you click on it, a Trojan Horse launches on your computer.
- Downloading a cracked or illegal copy of an application is risky; you may get more than you bargained for.
- Browsing shady websites can infect your computer. Some sites trick you into downloading software that turns out to be harmful. Scammers will sometimes create sites with addresses that mimic those of large brands or companies. For example, Yah00.com, www.amaZZZZZon.com, or Amaz0n.net look like they might be legitimate sites, but they’re not. Always double-check the address bar if you’re redirected to a site from another page.
- Social engineering includes any other technique that disguises itself by taking advantage of the latest trends, such as the Intel processors that were vulnerable to attack because of hardware issues in December 2017. Fake patches like Smoke Loader exploited this panic and installed Trojans on computers.
According to Fortinet threat research, the Smoke Loader Trojan Horse takes advantage of CVE-2017-11882, a stack overflow vulnerability in the Microsoft Equation Editor that enables remote code execution on a vulnerable system. The following image is an RTF (Rich Text File) spreadsheet after the exploitation of CVE-2017-11882 by the Smoke Loader Trojan Horse.
Most common types of Trojan Horse
Here are some of the most common types of Trojan viruses that cybercriminals and hackers use to attack their victims:
Trojan Downloader
Hackers developed the Downloader Trojan to download and install new versions of other malicious programs on victims’ computers. This Trojan usually targets a computer that is already infected.
Backdoor Trojan
The Backdoor Trojan can create a “backdoor” on your computer, allowing hackers to access your computer remotely. With a Backdoor Trojan, hackers can control your device, monitor, download or steal data, and spread more malware on your device.
Short Message Sending (SMS) Trojan
Trojans can also infect mobile devices, and the SMS Trojan is one that does. When the SMS Trojan infects a mobile device, it can make the victim subscribe to premium-rate messages. As a result, the premium rates will increase the victim’s telephone costs.
Distributed Denial of Service (DDoS)
This Trojan performs Distributed Denial of Service (DDoS) attacks by flooding a server, network, or system with traffic to overwhelm normal traffic. As a result, users cannot access the attacked website.
Rootkit Trojans
Rootkits were developed by hackers to hide or obscure objects on an infected computer. This attack extends the time that malicious programs can run on your device without being detected.
Trojan Banker
This Trojan is designed to attack your financial accounts. Hackers use it to steal online banking information such as banking data, credit cards, bill payments, etc.
Trojan Horse in smartphones
Trojans aren’t just a problem for desktop computers. They also affect mobile devices, which makes sense given the tempting target presented by the billions of phones in use. Like a computer virus, a Trojan Horse presents itself as a legitimate program, though it’s actually filled with malware.
Some Trojans are available on unofficial app markets, and they look like normal apps. They run the gamut from annoying to destructive, infecting your phone with ads, keyloggers, and more. Dialer Trojans can even generate money by sending out expensive premium-rate texts.
Android users have been the victims of weaponized apps from Google Play, which is constantly scanning and purging Trojanised apps. Browser extension add-ons can act as Trojans as well, since they can carry embedded bad code.
Simple steps to stay safe from Trojan Horse
The best way to avoid getting a Trojan is to be careful when visiting websites, especially those offering free movies or gambling. Always download free programs directly from the producer’s site rather than from unauthorised mirror servers.
Now that you know what a Trojan is and the many types of Trojans that can attack, there are several things you should do to protect your device or system. Hackers are always looking for ways to gain access to your important data. Therefore, cyber security needs to be prioritised. Some of the things you need to do are:
- Don’t visit unsafe websites and remember to check the URL of websites you believe to be legitimate.
- Think before you click: Do not open links in emails from suspicious senders or any attachments you were not expecting (even from senders you trust).
- Do not download or install programs from untrusted third parties.
- As a web or application owner, it is important to check if your system has any vulnerabilities before hackers take advantage of them. Cyber-aware owners will keep their systems up-to-date to ensure that they have the latest security patches installed.
Hackers can exploit vulnerabilities in systems to spread various types of malware. If vulnerabilities are found in your system, you must patch them immediately. Cyber attacks can come from multiple different sources. As a human firewall, you’re the first line of defense for your own devices and any networks that you’re responsible for. Knowing how to catch a cyber attack before it has the chance to infiltrate your device or network is always the best protection.
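The address check described in the two lists above (the lookalike addresses such as Yah00.com, and the advice to check the URL of websites you believe to be legitimate) can be automated. The following is an added example, not part of the original article: the brand list, the digit-to-letter map, and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brands this example protects, mapped to their real domains.
BRANDS = {"yahoo": "yahoo.com", "amazon": "amazon.com"}

# Assumption: digits commonly swapped in for letters in lookalike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label):
    """Undo digit-for-letter swaps, then collapse repeated characters."""
    return re.sub(r"(.)\1+", r"\1", label.lower().translate(HOMOGLYPHS))


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, brand_domain) for a URL or a bare host name."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    for domain in BRANDS.values():
        if host == domain or host.endswith("." + domain):
            return ("legitimate", domain)
    for brand, domain in BRANDS.items():
        target = skeleton(brand)
        for label in host.split("."):
            close = len(target) >= 5 and edit_distance(skeleton(label), target) <= 1
            if skeleton(label) == target or close:
                return ("lookalike", domain)  # brand name on a non-brand host
    return ("unknown", None)


# Constructed sample input: the article's three addresses plus control cases.
SAMPLES = ["Yah00.com", "www.amaZZZZZon.com", "Amaz0n.net",
           "https://www.amazon.com/orders", "amazon.com.login.example", "example.org"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:32} {classify(sample)}")
```

A verdict of "unknown" only means the host does not resemble a listed brand; it says nothing about whether the site is safe.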