There are many different types of Trojans, but they all have one goal, which is to cause unnoticed damage to a computer or device. Even careless surfing on the internet can cause the malware to install itself. Although they’re good at cam­ou­flag­ing them­selves, there are typical signs of a Trojan infection and numerous ways to protect yourself.

What is a Trojan?

A Trojan is the most common type of malicious software (malware). It pretends to be a useful or harmless program that can be down­loaded. A Trojan can take many different forms and enter a system in different ways, such as through email at­tach­ments, software downloads, or ma­nip­u­lat­ed websites.

Once installed, the malware is activated. In general, Trojans can delete, block, modify, copy data, or limit the per­for­mance of your system. There are three main groups:

  • Trojans that are per­ma­nent­ly active in the back­ground and spy on your online data or key­strokes; these are the most common.
  • Trojans that become active only when you connect to the internet or visit a certain website; these are often used to access data for online banking.
  • Server-access Trojans install a server program on your computer, which allows criminals to control it remotely.

Although the term is often used in­ter­change­ably with other malicious programs like viruses or worms, a Trojan isn’t able to replicate itself or infect files.

What kinds of Trojans are there?

Trojans can be dif­fer­en­ti­at­ed not only by their activity, but also by their type. The most common types of Trojans include:

Backdoor Trojan

Backdoor Trojans usually modify your security system. This creates backdoors that allow other malware or hackers to access your system. This most dangerous type of Trojan is often used to build a botnet, which is used to execute Dis­trib­uted Denial-of-Service (DDoS) attacks. This involves tor­pe­do­ing a specific server or a network with a high number of computers.

Link Trojan

Link Trojans contain a fully func­tion­al host file, for example, a program to improve the computer’s per­for­mance — and malicious software. As soon as you launch the program, the malware is executed as well. Since the host file is disguised as a harmless program, the malicious software isn’t no­tice­able.

Dropper Trojan

Dropper Trojans install another malicious software in addition to the main software. They connect to autostart programs and are executed au­to­mat­i­cal­ly every time the computer is started. In the process, like backdoor Trojans, it opens backdoors for further malicious programs.

Download Trojan

Down­loader Trojans work in the same way as dropper Trojans. While the latter already contain the malware, down­loader Trojans need a network resource to download it. This way, they can be updated unnoticed. That’s why they’re often not detected by virus scanners.

SMS Trojan

SMS Trojans can infect smart­phones and, disguised as a harmless SMS app, send text messages to expensive in­ter­na­tion­al numbers, for example. You, as the smart­phone owner, end up bearing the costs. A common method used by criminals to make money is sending expensive texts to premium numbers.

Trojan spy programs

Trojan spy programs can take screen­shots or record your key­strokes to steal codes for online banking, credit cards, or other con­fi­den­tial data. Remote access and adware are also possible.

Blackmail Trojan

Extortion Trojans, better known as ran­somware, modify files on your computer so that it stops working properly or you can’t access certain data. The data is only released by the cyber criminals once you’ve paid the ransom.

Fake antivirus Trojan

Fake antivirus Trojans display a virus warning in the browser when you visit a certain website to make you purchase a virus scanner for a fee. Instead, the payment details are sent to the creator or orig­i­na­tor of the Trojan.

Banking Trojan

Banking Trojans try to get access to your online banking data using phishing tech­niques. Instead of entering your data, you’re directed to a ma­nip­u­lat­ed page, for example.

Apart from these, there are many other types of Trojans, e.g. exploits, rootkits, and Trojan mail­find­ers.

How do Trojans work?

Trojans work on the same principle as the eponymous wooden horse from Greek mythology: malware disguised as useful and le­git­i­mate turns out to be malicious. A download is a pre­req­ui­site for a Trojan to infect your device. This can also run unnoticed in the back­ground and be launched by clicking on a ma­nip­u­lat­ed image or an infected link.

Trojans usually consist of two in­de­pen­dent programs that can be linked in different ways. Malware can be attached to the host software via linkers and start as soon as it’s executed. When a dropper is used, the malware is dropped onto your computer when the host program is started. A third method is to integrate secret program codes into the host software, like a browser plugin. These are executed within the browser, which means that the internet con­nec­tion can be easily used, for example, to forward data.

Who uses Trojans and for what?

Trojans are used not only by criminals, but also by gov­ern­ment bodies to fight crime, for example, with federal or state Trojans. The goal is to col­lec­tion in­for­ma­tion from suspects and targets who are con­sid­ered a threat to national security. Some companies use Trojans as sur­veil­lance software to monitor their employees. Cy­ber­crim­i­nals, on the other hand, use Trojans to steal personal data, iden­ti­ties, and money, by hacking online accounts with stolen passwords.

Emotet, the world’s most dangerous Trojan

Emotet is con­sid­ered the most dangerous malware in the world. First dis­cov­ered in 2014, the malware is a Trojan that mainly spreads via spam or phishing emails and contains an infected Word document. When opened, the malware installs itself on the computer and im­me­di­ate­ly starts en­crypt­ing files, stealing passwords, logging key­strokes, and down­load­ing more malware. Emotet also lets attackers take control of the infected computer. The Trojan is also able to update itself to avoid detection by antivirus software.

Emotet spreads by taking over contact lists and sending itself to their contacts. The email address’s owner is always displayed as the sender. That’s why the emails don’t look like spam, and re­cip­i­ents don’t suspect anything. This makes users more likely to click on the malicious URLs and download malicious files. Using this method, the Trojan has already attacked numerous gov­ern­ments, or­ga­ni­za­tions, and companies worldwide, stealing cre­den­tials, financial data, Bitcoin holdings and assets, and causing sig­nif­i­cant damage.

How can you get infected by a Trojan horse?

Because Trojans are disguised as harmless and often useful programs, any wrong step can lead to an infection. Here are some examples:

  • By opening at­tach­ments included in emails, for example disguised as an invoice or delivery bill.
  • By down­load­ing unknown and free programs, for example games or screen­savers. The risk is es­pe­cial­ly high on un­trust­wor­thy websites.
  • By using cracked ap­pli­ca­tions, such as free copies of software that are actually paid for.
  • By visiting dubious websites, like movie streaming sites, which first require down­load­ing a certain video codec.
  • By using outdated tech­nol­o­gy. In December 2017, for example, many Intel proces­sors became vul­ner­a­ble to an attack. As a result, cy­ber­crim­i­nals released a patch called Smoke Loader, which did not fix the problem but installed a Trojan horse.

What are typical signs of Trojan infection?

Trojans are difficult to recognize as malware at first glance because they can disguise them­selves in countless ways. However, there are several clues:

  • If your computer is unusually slow, a Trojan may be re­spon­si­ble. Since the malware is active in the back­ground and consumes ad­di­tion­al resources, computer per­for­mance decreases. Using Task Manager, you can determine if and which programs are currently running.
  • Pop-ups can also be a sign of Trojan infection. For example, the windows can prompt you to click on infected links.
  • Missing or moved files are usually a clear sign of a Trojan.
  • Your computer shows unusual behavior, for example, ap­pli­ca­tions randomly open or the mouse cursor moves by itself.
  • If your internet con­nec­tion suddenly slows down or there is un­ex­plained activity on your network, this can also indicate a Trojan infection.
  • Security alerts from your antivirus program may be in­di­ca­tions that a Trojan is already in the process of causing damage to your computer.

To avoid more damage, it’s important to know how to detect malware to quickly remove the Trojan.

What damage can a Trojan cause?

The con­se­quences of a Trojan infection can be as varied as the malware itself. Data loss can damage the operating system. If the deleted data are critical system files, it may render your computer unusable. It becomes es­pe­cial­ly critical when personal or business data has been stolen by cyber criminals. If it’s your bank and credit card data, you can suffer sig­nif­i­cant financial damage.

Identity theft is also possible, which allows fraud­sters and scammers to take out loans, open bank accounts, or perform other criminal ac­tiv­i­ties in your name. Moreover, a Trojan can interfere with or paralyze important business processes if it in­fil­trates and damages networks or servers. Basically, there is a risk that an infection will install more malware on your computer or network, which may cause the damage to become more and more severe. Therefore, pro­tec­tion against ran­somware, spyware, and scareware is essential.

How can I protect my system from Trojans?

Like the Greek Trojan horse, a Trojan can infect your system only if you let it in. That’s why you should always be vigilant when browsing websites that offer free movies or games, and always be skeptical about free downloads that don’t come from safe sources. In addition, it’s good to keep the following things in mind:

  • Before opening email at­tach­ments, check the sender and the text. If you have any doubts, don’t open the at­tach­ment under any cir­cum­stances.
  • Don’t download anything from unsafe sources. Only install apps from the Play Store or the Apple Store on your smart­phone.
  • Don’t click on unknown links to avoid a drive-by infection on a prepared website.
  • Protect your passwords and use two-factor au­then­ti­ca­tion if possible. In addition, only use strong passwords that you can manage securely using, for example, Google Password Manager.
  • Don’t allow macros in Word and Excel documents. These are con­sid­ered gateways for ran­somware.
  • Pay attention to file ex­ten­sions and, if in doubt, display them in full. If it’s an ex­e­cutable file, i.e. a possible Trojan, it’ll be marked with an .exe extension.
  • Regularly perform backups. Store these not only in the cloud, but also on a physical data carrier that isn’t easily infected.
  • Always keep your operating system up to date, and install new security updates im­me­di­ate­ly. This also applies to installed programs.
  • Scan your system regularly with a virus scanner to quickly detect and remove any Trojans that have already been installed.
Tip

Protect your data and devices with My­De­fend­er. This reliable cy­ber­se­cu­ri­ty solution checks your system for viruses with scheduled scans and provides automatic backups, stopping ran­somware before it starts.

Even if it takes some effort, you should always try to keep your cy­ber­se­cu­ri­ty up and running. There are numerous security measures available to protect you from Trojans and prevent any un­pleas­ant con­se­quences.

Go to Main Menu