What is a Trojan Horse malware?

Trojan horse (or “Trojan”) is a broad term describing malicious software that uses a disguise to hide its true purpose. However, unlike a virus, it is neither able to replicate nor infect files on its own. To infiltrate a victim’s device, this malware category relies on other means, such as drive-by-downloads, exploitation of vulnerabilities, download by other malicious code, or social engineering techniques.

What is a Trojan Horse malware?

Trojan horse (or “Trojan”) is a broad term describing malicious software that uses a disguise to hide its true purpose. However, unlike a virus, it is neither able to replicate nor infect files on its own. To infiltrate a victim’s device, this malware category relies on other means, such as drive-by-downloads, exploitation of vulnerabilities, download by other malicious code, or social engineering techniques.

Reading time icon

4 min read

Reading time icon

4 min read

What is a Trojan horse virus?

Similar to the Trojan Horse known from ancient Greco-Roman tales, a Trojan virus hides its true function, often disguises itself as legitimate software, in order to gain unauthorised access to a device. After reaching the targeted machine, it often employs various techniques to be executed by the user or by other software on the affected system.

Trojan horses are currently the most common type of malware, used to open backdoors, take control of the affected device, exfiltrate user data and send it to the attacker, download and run other malicious software on the affected system as well as for many other nefarious goals.

Is a Trojan horse a virus or malware?

A Trojan horse is a type of malware, rather than a type of virus. While it is often referred to as a ‘Trojan virus’ or a ‘Trojan horse virus’, that isn’t actually accurate. What makes a computer virus a virus is their ability to replicate and spread on their own. This is something that Trojan horses do not do. Despite that, it’s still commonplace to see them referred to as either a ‘Trojan malware’ or a ‘Trojan virus’.

Trojan horse image

Example of a Trojan horse virus, and how they work

Think you’re safe from being tricked by a Trojan horse? It’s surprisingly easy to get fooled by them. You could simply receive a message that looks like it's from a friend or someone in your family. It could be an email or text, or even be a message from their social media account – one that you trust. There’s a link in there to an attachment and you download it.

You’ve opened that file, and it’s installed malware onto your device. It’ll execute and spread to its target files and start damaging your computer or stealing your data. Every Trojan is different, but it’s safe to assume that all Trojans will do something bad to your device.

A brief history of the Trojan horse

The name ‘Trojan horse’ is derived from the classical antiquity tale referring to the successful conquest of the city of Troy by the Greeks. To get through the city’s defences, the conquerors built a massive wooden horse and hid a group of their elite soldiers within. After tricking the Trojan guards into pulling the ‘gift’ into their fortified city, the attackers waited for nightfall, spilled out of the figure and overpowered the surprised defenders.

The first time this term was used in reference to malicious code was in a 1974 US Air Force report that focused on the analysis of vulnerabilities in computer systems. However, the term first became popular in the 1980s, especially after Ken Thompson’s lecture at the ACM Turing Awards 1983 reception.

Well-known Trojan horse examples

One of the first Trojan horse viruses to become widely known was also the first ransomware seen in the wild – the “AIDS Trojan of 1989”. This malicious code was distributed via postal mail on floppy disks that purported to contain an interactive database associated with the disease AIDS. If installed, the program waited 90 boot cycles and then ciphered most of the filenames in the root directory of the machine. The “licencing agreement” of the software demanded that the victims send $189 or $378 to a post office box in Panama to get their data back.

The notorious spyware FinFisher (also called FinSpy) is another example of a Trojan virus. It is known for its extensive spying capabilities and misuse of webcams, microphones, keylogging, and ability to exfiltrate files. It is marketed by its developers as a law enforcement tool, but it is believed to have been used by oppressive regimes as well. To hide its true purpose, FinFisher uses various disguises. In one of its campaigns discovered by ESET, it posed as an installer for popular and legitimate programs such as browsers and media players. It has also been distributed via emails with fake attachments or fake software updates.

However, Trojan horse viruses are not a threat exclusive to desktops or laptops. A large chunk of today’s mobile (and especially Android) malware also belongs to this category. DoubleLocker was an innovative ransomware family disguised as an Adobe Flash Player update. It infiltrated the mobile device via Accessibility services, encrypted its data and locked its screen using a random PIN code. Subsequently, the attacker demanded a payment in bitcoin to unlock the device and data.

Types of Trojan Viruses

Unfortunately for everyone, Trojan malware doesn’t just come in one form. There are a number of common types of Trojan malware and a few you may be less familiar with. We’re going to run you through a number of these so you can be prepared.

Backdoor Trojan

Backdoor Trojans are exactly as their name describes. They open up a way for attackers to access your device, otherwise known as a ‘backdoor’. Once they’ve done this, your attackers can do what they like, whether it’s downloading data or uploading more malware.

Downloader Trojan

When you’ve been infected, this Trojan concentrates on downloading new malware or updating other malware that may already be installed.

Fake Antivirus Trojan

It looks like real antivirus software and talks like real antivirus software… up to a point. Fake antivirus Trojans will demand money to ‘scan’ and ‘remove’ supposed threats which may not even exist.

Trojan IM

This form of Trojan malware will specifically target your instant messaging and social accounts. It will go after your logins and passwords.

Distributed Denial of Service (DDoS) Attack Trojan

Once downloaded, these Trojans are designed to perform DDoS attacks on your network. Essentially, they’ll bombard your network with traffic until it can’t cope.

Game-Thief Trojan

Specifically targeting gamers, especially online ones, a game-thief Trojan is designed to steal their account details, whether it’s log-ins or your payment and personal details.

Mailfinder Trojan

A Trojan that’s been developed to steal your address book. It’ll worm its way through your device, whether it’s a desktop, tablet or mobile and target your contacts. Stealing their email addresses.

Ransom Trojan

This is a Trojan that doubles up as ransomware. It will hold your device, or a particular folder, to ransom, demanding money for access. It won’t always provide it if you pay up either.

Infostealer Trojan

Designed with one purpose and one purpose only; this Trojan is here for your data, and it’s going to steal it.

SMS Trojan

Designed to target mobile devices, an SMS Trojan will target your inbox. It can send and intercept messages, often having been specifically designed to send a number of texts to premium numbers.

Remote Access Trojan

Accessing your device remotely is often an end goal of many attackers, and this Trojan does exactly that. Once the cybercriminals are in, they have full control of your machine, so can easily steal data, spy on you, access the accounts you’re logged into or install more malware.

Rootkit Trojan

A rootkit is often part of a wider attack. The goal is to obscure or completely hide something on your device. That means this type of Trojan can hide an infection from you while the malware gets to work.

Trojan Banker

While these types of Trojans technically steal all of your login details for your online accounts, their main goal is to obtain your financial account information: whether that’s banking access, credit card details, bills and more.

Protect yourself from trojan horse image

How to recognise and detect a Trojan horse virus on your computer

Many Trojan viruses exploit vulnerabilities in victims’ systems in order to infiltrate them. To mitigate these vulnerabilities, a combination of good cyber-hygiene and use of a reliable security solution is recommended.

Users should also be aware of regular updates, not only their operating system but all the software they use.

Read more

Trojan horses try to trick users by employing social engineering techniques. In order to see through these, users and businesses must be both vigilant and aware of the latest threats by keeping up to date with regular cybersecurity training as well as following reliable cybersecurity news.

Trojan viruses can use several channels to penetrate a device or a network, so a reliable security solution is an important part of a user’s cyber-defences. Most modern security software uses a variety of technologies such as sandboxing, emulation and machine learning to detect attack attempts and provide the best possible level of security.

A few telltale signs you have a Trojan Horse include:

  • Poor / slow computer performance
  • A sudden increase in processing and fan use
  • Pop ups
  • Changes to your default browser or homepage
  • Sudden freezing frequently
  • Suspicious programs launching on startup
  • Password changes
  • Emails you never sent in your outbox
  • Ransom notifications

 

If you have antivirus software, like ESET, installed, you may well receive an alert as soon as you’re infected. When you do, you need to act. However, if you notice any of the above symptoms happening to your device, we’d recommend using our online malware scanner to check.

How to remove Trojan Horses from your computer?

You can detect and remove threats for free using our easy-to-use online scanner. The one-time scan is quick and easy, can be used without installation and is a great way to identify vulnerabilities and remove these in the short term.

This scanner will carry out the following steps to remove a Trojan from your device:

  • Perform a scan
  • Isolate the infected file
  • Remove the infected file

It’s that simple, but you do need to make sure you are checking for these attacks regularly. If you think one may have slipped through your existing digital protection, then try an online malware scanner.

ESET protects you against Trojan horses

PREMIUM SECURITY

ESET Smart Security Premium

Ultimate guardian of your online safety

PREMIUM SECURITY

ESET Smart Security Premium

Ultimate guardian of your online safety

PREMIUM SECURITY

ESET Smart Security Premium

Built without compromise for users who want it all.
Secures Windows, macOS, Android and Linux devices.