Trojan Horse

4 min read

Trojan horse (or “Trojan”) is a broad term describing malicious software that uses a disguise to hide its true purpose. However, unlike a virus, it is neither able to replicate nor infect files on its own. To infiltrate a victim’s device, this malware category relies on other means, such as drive-by-downloads, exploitation of vulnerabilities, download by other malicious code, or social engineering techniques.

What is a (digital) Trojan horse?

Similar to the Trojan Horse known from ancient Greco-Roman tales, this type of malicious software uses disguise or misdirection to hide its true function.

After reaching the targeted machine, it often employs various techniques to be executed by the user or by other software on the affected system.

Trojans are currently the most common malware category, used to open backdoors, take control of the affected device, exfiltrate user data and send it to the attacker, download and run other malicious software on the affected system as well as for many other nefarious goals.

Spread the word and share online

Brief history

The name “Trojan horse” is derived from the classical antiquity tale referring to the successful conquest of the city of Troy by the Greeks. To get through the city’s defenses, the conquerors built a massive wooden horse and hid a group of their elite soldiers within. After tricking the Trojan guards into pulling the “gift” into their fortified city, the attackers waited for nightfall, spilled out of the figure and overpowered the surprised defenders.

The first time this term was used in reference to malicious code was in a 1974 US Air Force report that focused on the analysis of vulnerabilities in computer systems. However, the term first became popular in the 1980s, especially after Ken Thompson’s lecture at the ACM Turing Awards 1983 reception.

Well-known examples

One of the first Trojans to become widely known was also the first ransomware seen in the wild – the “AIDS Trojan of 1989”. This malicious code was distributed via postal mail on floppy disks that purported to contain an interactive database associated with the disease AIDS. If installed, the program waited 90 boot cycles and then ciphered most of the filenames in the root directory of the machine. The “licensing agreement” of the software demanded that the victims send $189 or $378 to a post office box in Panama to get their data back.

Read more

The notorious spyware FinFisher (also called FinSpy) is another example of a Trojan. It is known for its extensive spying capabilities and misuse of webcams, microphones, keylogging, and ability to exfiltrate files. It is marketed by its developers as a law enforcement tool, but it is believed to have been used by oppressive regimes as well. To hide its true purpose, FinFisher uses various disguises. In one of its campaigns discovered by ESET, it posed as an installer for popular and legitimate programs such as browsers and media players. It has also been distributed via emails with fake attachments or fake software updates.

However, Trojans are not a threat exclusive to desktops or laptops. A large chunk of today’s mobile (and especially Android) malware also belongs to this category. DoubleLocker was an innovative ransomware family disguised as an Adobe Flash Player update. It infiltrated the mobile device via Accessibility services, encrypted its data and locked its screen using a random PIN code. Subsequently, the attacker demanded a payment in bitcoin to unlock the device and data.

How to stay protected?

The umbrella term Trojan includes various types of malicious software and can thus be avoided only through a combination of good cyber-hygiene and use of a reliable security solution.

Many Trojans exploit vulnerabilities in victims’ systems in order to infiltrate them. To mitigate these vulnerabilities, users are advised to update and patch regularly – not only their operating system, but all the software they use.

Read more

Trojans also try to trick users by employing social engineering techniques. In order to see through them, users and businesses need to be both vigilant and aware of the latest threats. Regular cybersecurity training as well as following reliable cybersecurity news are well-established sources for the necessary information.

A reliable and multilayered security solution is another important part of a user’s cyber-defenses. Trojans can use several channels to penetrate a device or a network. Therefore, most modern security software uses a variety of technologies such as sandboxing, emulation and machine learning to detect attack attempts and provide the best possible level of security.

ESET protects you against Trojans

ESET HOME Security Premium

Powerful, multilayered protection to encrypt sensitive data, manage passwords easily, secure online transactions and more. A user-friendly solution for enhanced privacy online. Secures Windows, macOS, Android, and iOS devices.


Ultimate digital security for business

Protect your company endpoints, business data and users with ESET's
multilayered technology.

Ultimate digital security for business

Protect your company endpoints, business data and users with ESET's multilayered technology.

Want to know more?

Follow us for all the latest tips and news

Follow us for all the latest tips and news