Trojan Horse

What Is a Trojan Horse?

A Trojan Horse is malware that comes in disguise. Designed to look like a legitimate piece of code or software, it tricks a user into downloading, installing and/or running the malicious code on their device. Once done, the Trojan Horse unleashes its nefarious payload, which can take the form of any number of damaging or disruptive attacks.

Is a Trojan Horse a Virus or Malware?

While commonly referred to as a Trojan Horse Virus, Trojan Horses are actually malware. The difference? A Trojan Horse has no ability to self-replicate or self-execute, which are the defining characteristics of computer viruses.

How Did Trojan Horse Get Its Name?

The Trojan Horse shares a name with a famous piece of Greek weaponry, first mentioned in Ulysses’ The Odyssey.

According to the epic poem, the Greek army, frustrated after a decade-long attempt to seize control of the city of Troy, built a massive horse, inside which were hidden Greek soldiers. The horse was brought to Troy’s city gates under the guise of a gift. Once the horse was brought inside the city gates, the Greek soldiers emerged from the horse and laid waste to the city.

It’s an appropriate name, then, for a piece of malware that disguises itself as an innocuous piece of code, biding its time until safely inside a system before laying waste to your data.

How Does a Trojan Horse Work?

As they require a human element to download them, Trojan Horses most commonly find their way onto devices via social engineering. This often takes the form of banner or pop-up ads on websites, or links or attachments in emails, all of which trick users into clicking and downloading.

Once server side, the malicious payload gets to work. A Trojan Horse can be the launching point for a ransomware attack, search for and exploit known vulnerabilities, or take over the device remotely, turning it into a botnet for DDoS attacks or crypto mining.

Ten Types of Trojan Horses

Like snowflakes, no two Trojan Horses are alike. Attackers create custom versions designed to execute specific actions in systems.

1. Spy Trojan

Once inside a system, this type of Trojan stays hidden and observes. It can activate your webcam, take screenshots, record your keystrokes, and track every move you make both online and off.

2. Exploit Trojan

This malicious program searches for and exploits known vulnerabilities that remain unpatched and unremediated on a device or in a network.

3. Fake AV Trojan

A Trojan Horse that disguises itself as legitimate antivirus (AV) software. Once inside, it searches for and removes any legitimate AV on the system, then warns users of false threats and extorts money for their removal.

4. DDoS Trojan

This type of Trojan Horse essentially turns a device into a botnet, linking up with other infected devices to execute distributed denial of service attacks where an army of devices flood a network with traffic until it overloads.

5. Backdoor Trojan

While likely clear from context clues, this type of Trojan Horse creates a “backdoor” into a device, allowing the attacker to come and go as they please and giving them free reign to download data, delete or manipulate files, or any number of other nefarious actions.

6. Ransom Trojan

A malicious program that, once installed on a device, encrypts all data until a ransom is paid to the attacker.

7. Banker Trojan

This type of Trojan targets a user’s financial account information stored on the device, and attempts to gain access to bank, investment and credit card accounts.

8. Downloader Trojan

Designed to infect already infected devices, this type of Trojan Horse installs the latest and greatest versions of malware and adware onto previously compromised systems.

9. Rootkit Trojan

This version of a Trojan Horse performs its own form of deception, attempting to disguise or obfuscate other forms of malware on the device, allowing them more time to do their dirty work.

10. Infostealer Trojan

While it’s not the most creative name, it’s an accurate one. This version of a Trojan Horse sneaks onto your device and steals all of its data.

Trojan Horses and Mobile Devices

Trojan Horses aren’t limited to desktops and laptops. An entire cottage industry of mobile-ready versions have gained significant traction in recent years. These lean and mean iterations can infect smartphones, tablets — really any device that connects to the internet.

Generally disguised as an app, an unwitting user downloads it from an unofficial app store and launches the program, infecting their device. Once done, attackers can launch any number of attacks, including the ones above, as well as SMS and IM attacks designed to steal your text and instant messaging information.

How To Protect Against Trojan Horses

As Trojan Horses rely on users being tricked into downloading the malicious code onto their own device, the best defense is to pay attention when online. That means:

Being careful what you click on
Only downloading software and applications from trusted sources and stores
Make sure the websites you visit are secure and begin with https, which stands for hypertext transfer protocol secure (HTTPS).
Ensure you use strong passwords and never repeat them. Consider a password manager to make this job easier.
Regularly check for and install software and operating system updates (or set your device to run them manually).
Organizations should invest in security operations solutions which can detect and block Trojan Horses as well as many other attack types.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognize and neutralize social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyze.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

Understanding ransomware — from its origins to its impacts to the TTPs that allow ransomware gangs to exploit victim organizations and make off with millions in ransom payments and extortion fees.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organization.

Learn how our Concierge Security® and Triage Security Teams help end cyber risk.

SECURITY BULLETINS

CVE-2024-3400: Follow Up: Patches Released for Actively Exploited Critical Vulnerability in GlobalProtect Feature of PAN-OS

CVE-2024-26234 for Windows and CVE-2024-29053 for Defender for IOT highlighted in Microsoft’s April 2024 Patch Tuesday

CVE-2024-3400: Critical Vulnerability in GlobalProtect Feature of PAN-OS being Actively Exploited

COMPANY