There are many different types of Trojans, but they all have one goal, which is to cause unnoticed damage to a computer or device. Even careless surfing on the internet can cause the malware to install itself. Although they’re good at cam­ou­fla­ging them­selves, there are typical signs of a Trojan infection and numerous ways to protect yourself.

What is a Trojan?

A Trojan is the most common type of malicious software (malware). It pretends to be a useful or harmless program that can be down­loaded. A Trojan can take many different forms and enter a system in different ways, such as through email at­tach­ments, software downloads, or ma­nip­u­lated websites.

Once installed, the malware is activated. In general, Trojans can delete, block, modify, copy data, or limit the per­form­ance of your system. There are three main groups:

  • Trojans that are per­man­ently active in the back­ground and spy on your online data or key­strokes; these are the most common.
  • Trojans that become active only when you connect to the internet or visit a certain website; these are often used to access data for online banking.
  • Server-access Trojans install a server program on your computer, which allows criminals to control it remotely.

Although the term is often used in­ter­change­ably with other malicious programs like viruses or worms, a Trojan isn’t able to replicate itself or infect files.

What kinds of Trojans are there?

Trojans can be dif­fer­en­ti­ated not only by their activity, but also by their type. The most common types of Trojans include:

Backdoor Trojan

Backdoor Trojans usually modify your security system. This creates backdoors that allow other malware or hackers to access your system. This most dangerous type of Trojan is often used to build a botnet, which is used to execute Dis­trib­uted Denial-of-Service (DDoS) attacks. This involves tor­pedo­ing a specific server or a network with a high number of computers.

Link Trojan

Link Trojans contain a fully func­tion­al host file, for example, a program to improve the computer’s per­form­ance – and malicious software. As soon as you launch the program, the malware is executed as well. Since the host file is disguised as a harmless program, the malicious software isn’t no­tice­able.

Dropper Trojan

Dropper Trojans install another malicious software in addition to the main software. They connect to autostart programs and are executed auto­mat­ic­ally every time the computer is started. In the process, like backdoor Trojans, it opens backdoors for further malicious programs.

Download Trojan

Down­load­er Trojans work in the same way as dropper Trojans. While the latter already contain the malware, down­load­er Trojans need a network resource to download it. This way, they can be updated unnoticed. That’s why they’re often not detected by virus scanners.

SMS Trojan

SMS Trojans can infect smart­phones and, disguised as a harmless SMS app, send text messages to expensive in­ter­na­tion­al numbers, for example. You, as the smart­phone owner, end up bearing the costs. A common method used by criminals to make money is sending expensive texts to premium numbers.

Trojan spy programs

Trojan spy programs can take screen­shots or record your key­strokes to steal codes for online banking, credit cards, or other con­fid­en­tial data. Remote access and adware are also possible.

Blackmail Trojan

Extortion Trojans, better known as ransom­ware, modify files on your computer so that it stops working properly or you can’t access certain data. The data is only released by the cyber criminals once you’ve paid the ransom.

Fake antivirus Trojan

Fake antivirus Trojans display a virus warning in the browser when you visit a certain website to make you purchase a virus scanner for a fee. Instead, the payment details are sent to the creator or ori­gin­at­or of the Trojan.

Banking Trojan

Banking Trojans try to get access to your online banking data using phishing tech­niques. Instead of entering your data, you’re directed to a ma­nip­u­lated page, for example.

Apart from these, there are many other types of Trojans, e.g. exploits, rootkits, and Trojan mail­find­ers.

How do Trojans work?

Trojans work on the same principle as the eponymous wooden horse from Greek mythology: malware disguised as useful and le­git­im­ate turns out to be malicious. A download is a pre­requis­ite for a Trojan to infect your device. This can also run unnoticed in the back­ground and be launched by clicking on a ma­nip­u­lated image or an infected link.

Trojans usually consist of two in­de­pend­ent programs that can be linked in different ways. Malware can be attached to the host software via linkers and start as soon as it’s executed. When a dropper is used, the malware is dropped onto your computer when the host program is started. A third method is to integrate secret program codes into the host software, like a browser plugin. These are executed within the browser, which means that the internet con­nec­tion can be easily used, for example, to forward data.

Who uses Trojans and for what?

Trojans are used not only by criminals, but also by gov­ern­ment bodies to fight crime, for example, with federal or state Trojans. The goal is to col­lec­tion in­form­a­tion from suspects and targets who are con­sidered a threat to national security. Some companies use Trojans as sur­veil­lance software to monitor their employees. Cy­ber­crim­in­als, on the other hand, use Trojans to steal personal data, iden­tit­ies, and money, by hacking online accounts with stolen passwords.

Emotet, the world’s most dangerous Trojan

Emotet is con­sidered the most dangerous malware in the world. First dis­covered in 2014, the malware is a Trojan that mainly spreads via spam or phishing emails and contains an infected Word document. When opened, the malware installs itself on the computer and im­me­di­ately starts en­crypt­ing files, stealing passwords, logging key­strokes, and down­load­ing more malware. Emotet also lets attackers take control of the infected computer. The Trojan is also able to update itself to avoid detection by antivirus software.

Emotet spreads by taking over contact lists and sending itself to their contacts. The email address’s owner is always displayed as the sender. That’s why the emails don’t look like spam, and re­cip­i­ents don’t suspect anything. This makes users more likely to click on the malicious URLs and download malicious files. Using this method, the Trojan has already attacked numerous gov­ern­ments, or­gan­isa­tions, and companies worldwide, stealing cre­den­tials, financial data, Bitcoin holdings and assets, and causing sig­ni­fic­ant damage.

How can you get infected by a Trojan horse?

Because Trojans are disguised as harmless and often useful programs, any wrong step can lead to an infection. Here are some examples:

  • By opening at­tach­ments included in emails, for example disguised as an invoice or delivery bill.
  • By down­load­ing unknown and free programs, for example games or screensavers. The risk is es­pe­cially high on un­trust­worthy websites.
  • By using cracked ap­plic­a­tions, such as free copies of software that are actually paid for.
  • By visiting dubious websites, like movie streaming sites, which first require down­load­ing a certain video codec.
  • By using outdated tech­no­logy. In December 2017, for example, many Intel pro­cessors became vul­ner­able to an attack. As a result, cy­ber­crim­in­als released a patch called Smoke Loader, which did not fix the problem but installed a Trojan horse.

What are typical signs of Trojan infection?

Trojans are difficult to recognise as malware at first glance because they can disguise them­selves in countless ways. However, there are several clues:

  • If your computer is unusually slow, a Trojan may be re­spons­ible. Since the malware is active in the back­ground and consumes ad­di­tion­al resources, computer per­form­ance decreases. Using Task Manager, you can determine if and which programs are currently running.
  • Pop-ups can also be a sign of Trojan infection. For example, the windows can prompt you to click on infected links.
  • Missing or moved files are usually a clear sign of a Trojan.
  • Your computer shows unusual behaviour, for example, ap­plic­a­tions randomly open or the mouse cursor moves by itself.
  • If your internet con­nec­tion suddenly slows down or there is un­ex­plained activity on your network, this can also indicate a Trojan infection.
  • Security alerts from your antivirus program may be in­dic­a­tions that a Trojan is already in the process of causing damage to your computer.

To avoid more damage, it’s important to know how to detect malware to quickly remove the Trojan.

What damage can a Trojan cause?

The con­sequences of a Trojan infection can be as varied as the malware itself. Data loss can damage the operating system. If the deleted data are critical system files, it may render your computer unusable. It becomes es­pe­cially critical when personal or business data has been stolen by cyber criminals. If it’s your bank and credit card data, you can suffer sig­ni­fic­ant financial damage.

Identity theft is also possible, which allows fraud­sters and scammers to take out loans, open bank accounts, or perform other criminal activ­it­ies in your name. Moreover, a Trojan can interfere with or paralyse important business processes if it in­filt­rates and damages networks or servers. Basically, there is a risk that an infection will install more malware on your computer or network, which may cause the damage to become more and more severe. Therefore, pro­tec­tion against ransom­ware, spyware, and scareware is essential.

How can I protect my system from Trojans?

Like the Greek Trojan horse, a Trojan can infect your system only if you let it in. That’s why you should always be vigilant when browsing websites that offer free films or games, and always be skeptical about free downloads that don’t come from safe sources. In addition, it’s good to keep the following things in mind:

  • Before opening email at­tach­ments, check the sender and the text. If you have any doubts, don’t open the at­tach­ment under any cir­cum­stances.
  • Don’t download anything from unsafe sources. Only install apps from the Play Store or the Apple Store on your smart­phone.
  • Don’t click on unknown links to avoid a drive-by infection on a prepared website.
  • Protect your passwords and use two-factor au­then­tic­a­tion if possible. In addition, only use strong passwords that you can manage securely using, for example, Google Password Manager.
  • Don’t allow macros in Word and Excel documents. These are con­sidered gateways for ransom­ware.
  • Pay attention to file ex­ten­sions and, if in doubt, display them in full. If it’s an ex­ecut­able file, i.e. a possible Trojan, it’ll be marked with an .exe extension.
  • Regularly perform backups. Store these not only in the cloud, but also on a physical data carrier that isn’t easily infected.
  • Always keep your operating system up to date, and install new security updates im­me­di­ately. This also applies to installed programs.
  • Scan your system regularly with a virus scanner to quickly detect and remove any Trojans that have already been installed.
Tip

Protect your data and devices with MyDe­fend­er. This reliable cy­ber­se­cur­ity solution checks your system for viruses with scheduled scans and provides automatic backups, stopping ransom­ware before it starts.

Even if it takes some effort, you should always try to keep your cy­ber­se­cur­ity up and running. There are numerous security measures available to protect you from Trojans and prevent any un­pleas­ant con­sequences.

Go to Main Menu