The name “Trojan horse” is derived from the classical antiquity tale referring to the successful conquest of the city of Troy by the Greeks. To get through the city’s defenses, the conquerors built a massive wooden horse and hid a group of their elite soldiers within. After tricking the Trojan guards into pulling the “gift” into their fortified city, the attackers waited for nightfall, spilled out of the figure and overpowered the surprised defenders.
The first time this term was used in reference to malicious code was in a 1974 US Air Force report that focused on the analysis of vulnerabilities in computer systems. However, the term only became popular in the 1980s, especially after Ken Thompson’s lecture at the 1983 ACM Turing Award reception.
One of the first Trojans to become widely known was also the first ransomware seen in the wild – the “AIDS Trojan” of 1989. This malicious code was distributed via postal mail on floppy disks that purported to contain an interactive database about the disease AIDS. Once installed, the program waited 90 boot cycles and then encrypted most of the filenames in the root directory of the machine. The software’s “licensing agreement” demanded that victims send $189 or $378 to a post office box in Panama to get their data back.
The notorious spyware FinFisher (also called FinSpy) is another example of a Trojan. It is known for its extensive spying capabilities, including misuse of webcams and microphones, keylogging, and the ability to exfiltrate files. Its developers market it as a law enforcement tool, but it is believed to have been used by oppressive regimes as well. To hide its true purpose, FinFisher uses various disguises. In one of its campaigns discovered by ESET, it posed as an installer for popular and legitimate programs such as browsers and media players. It has also been distributed via emails with fake attachments or fake software updates.
However, Trojans are not a threat exclusive to desktops or laptops. A large chunk of today’s mobile (and especially Android) malware also belongs to this category. DoubleLocker was an innovative ransomware family disguised as an Adobe Flash Player update. It infiltrated the mobile device via Accessibility services, encrypted its data and locked its screen using a random PIN code. Subsequently, the attacker demanded a payment in bitcoin to unlock the device and data.
How to stay protected?
The umbrella term Trojan includes various types of malicious software and can thus be avoided only through a combination of good cyber-hygiene and use of a reliable security solution.
Many Trojans exploit vulnerabilities in victims’ systems in order to infiltrate them. To mitigate these vulnerabilities, users are advised to update and patch regularly – not only their operating system, but all the software they use.
Trojans also try to trick users by employing social engineering techniques. In order to see through them, users and businesses need to be both vigilant and aware of the latest threats. Regular cybersecurity training and following reliable cybersecurity news are well-established ways of obtaining the necessary information.
A reliable and multilayered security solution is another important part of a user’s cyber-defenses. Trojans can use several channels to penetrate a device or a network. Therefore, most modern security software uses a variety of technologies such as sandboxing, emulation and machine learning to detect attack attempts and provide the best possible level of security.