Cybersecurity Glossary

Trojan Horse

What Is a Trojan Horse? 

A Trojan Horse is malware that comes in disguise. Designed to look like a legitimate piece of code or software, it tricks a user into downloading, installing and/or running the malicious code on their device. Once done, the Trojan Horse unleashes its nefarious payload, which can take the form of any number of damaging or disruptive attacks. 

Is a Trojan Horse a Virus or Malware? 

While commonly referred to as a Trojan Horse Virus, a Trojan Horse is malware, not a virus. The difference? A Trojan Horse has no ability to self-replicate or self-execute, which are the defining characteristics of computer viruses.

How Did Trojan Horse Get Its Name? 

The Trojan Horse shares a name with a famous piece of Greek weaponry, first mentioned in Ulysses’ The Odyssey.

According to the epic poem, the Greek army, frustrated after a decade-long attempt to seize control of the city of Troy, built a massive horse, inside which were hidden Greek soldiers. The horse was brought to Troy’s city gates under the guise of a gift. Once the horse was brought inside the city gates, the Greek soldiers emerged from the horse and laid waste to the city. 

It’s an appropriate name, then, for a piece of malware that disguises itself as an innocuous piece of code, biding its time until safely inside a system before laying waste to your data.  

How Does a Trojan Horse Work? 

As they require a human element to download them, Trojan Horses most commonly find their way onto devices via social engineering. This often takes the form of banner or pop-up ads on websites, or links or attachments in emails, all of which trick users into clicking and downloading.  

Once on the device, the malicious payload gets to work. A Trojan Horse can be the launching point for a ransomware attack, search for and exploit known vulnerabilities, or take over the device remotely, making it part of a botnet used for DDoS attacks or crypto mining.

Ten Types of Trojan Horses 

Like snowflakes, no two Trojan Horses are alike. Attackers create custom versions designed to execute specific actions in systems.  

1. Spy Trojan

Once inside a system, this type of Trojan stays hidden and observes. It can activate your webcam, take screenshots, record your keystrokes, and track every move you make both online and off. 

2. Exploit Trojan

This malicious program searches for and exploits known vulnerabilities that remain unpatched and unremediated on a device or in a network.  

3. Fake AV Trojan

A Trojan Horse that disguises itself as legitimate antivirus (AV) software. Once inside, it searches for and removes any legitimate AV on the system, then warns users of false threats and extorts money for their removal. 

4. DDoS Trojan

This type of Trojan Horse essentially turns a device into a bot, linking up with other infected devices in a botnet to execute distributed denial of service (DDoS) attacks, in which an army of devices floods a network with traffic until it overloads.

5. Backdoor Trojan

While likely clear from context clues, this type of Trojan Horse creates a “backdoor” into a device, allowing the attacker to come and go as they please and giving them free rein to download data, delete or manipulate files, or take any number of other nefarious actions.

6. Ransom Trojan

A malicious program that, once installed on a device, encrypts all data until a ransom is paid to the attacker. 

7. Banker Trojan

This type of Trojan targets a user’s financial account information stored on the device, and attempts to gain access to bank, investment and credit card accounts. 

8. Downloader Trojan

Designed to infect already infected devices, this type of Trojan Horse installs the latest and greatest versions of malware and adware onto previously compromised systems. 

9. Rootkit Trojan

This version of a Trojan Horse performs its own form of deception, attempting to disguise or obfuscate other forms of malware on the device, allowing them more time to do their dirty work. 

10. Infostealer Trojan

While it’s not the most creative name, it’s an accurate one. This version of a Trojan Horse sneaks onto your device and steals all of its data. 

Trojan Horses and Mobile Devices 

Trojan Horses aren’t limited to desktops and laptops. An entire cottage industry of mobile-ready versions has gained significant traction in recent years. These lean and mean iterations can infect smartphones, tablets — really any device that connects to the internet.

The Trojan is generally disguised as an app: an unwitting user downloads it from an unofficial app store and launches the program, infecting their device. Once done, attackers can launch any number of attacks, including the ones above, as well as SMS and IM attacks designed to steal your text and instant messaging information.

How To Protect Against Trojan Horses 

As Trojan Horses rely on users being tricked into downloading the malicious code onto their own device, the best defense is to pay attention when online. That means: 

  • Be careful what you click on.
  • Only download software and applications from trusted sources and stores.
  • Make sure the websites you visit are secure and begin with https, which stands for hypertext transfer protocol secure (HTTPS). 
  • Ensure you use strong passwords and never repeat them. Consider a password manager to make this job easier. 
  • Regularly check for and install software and operating system updates (or set your device to run them manually). 
  • Organizations should invest in security operations solutions which can detect and block Trojan Horses as well as many other attack types. 

Arctic Wolf
