What are Trojans and how can you protect yourself from them?

There are many different types of Trojans, but they all have one goal, which is to cause unnoticed damage to a computer or device. Even careless surfing on the internet can cause the malware to install itself. Although they’re good at camouflaging themselves, there are typical signs of a Trojan infection and numerous ways to protect yourself.

What is a Trojan?

A Trojan is the most common type of malicious software (malware). It pretends to be a useful or harmless program that can be downloaded. A Trojan can take many different forms and enter a system in different ways, such as through email attachments, software downloads, or manipulated websites.

Once installed, the malware is activated. In general, Trojans can delete, block, modify, copy data, or limit the performance of your system. There are three main groups:

• Trojans that are permanently active in the background and spy on your online data or keystrokes; these are the most common.
• Trojans that become active only when you connect to the internet or visit a certain website; these are often used to access data for online banking.
• Server-access Trojans install a server program on your computer, which allows criminals to control it remotely.

Although the term is often used interchangeably with other malicious programs like viruses or worms, a Trojan isn’t able to replicate itself or infect files.

What kinds of Trojans are there?

Trojans can be differentiated not only by their activity, but also by their type. The most common types of Trojans include:

Backdoor Trojan

Backdoor Trojans usually modify your security system. This creates backdoors that allow other malware or hackers to access your system. This most dangerous type of Trojan is often used to build a botnet, which is used to execute Distributed Denial-of-Service (DDoS) attacks. This involves torpedoing a specific server or a network with a high number of computers.

Link Trojan

Link Trojans contain a fully functional host file, for example, a program to improve the computer’s performance — and malicious software. As soon as you launch the program, the malware is executed as well. Since the host file is disguised as a harmless program, the malicious software isn’t noticeable.

Dropper Trojan

Dropper Trojans install another malicious software in addition to the main software. They connect to autostart programs and are executed automatically every time the computer is started. In the process, like backdoor Trojans, it opens backdoors for further malicious programs.

Download Trojan

Downloader Trojans work in the same way as dropper Trojans. While the latter already contain the malware, downloader Trojans need a network resource to download it. This way, they can be updated unnoticed. That’s why they’re often not detected by virus scanners.

SMS Trojan

SMS Trojans can infect smartphones and, disguised as a harmless SMS app, send text messages to expensive international numbers, for example. You, as the smartphone owner, end up bearing the costs. A common method used by criminals to make money is sending expensive texts to premium numbers.

Trojan spy programs

Trojan spy programs can take screenshots or record your keystrokes to steal codes for online banking, credit cards, or other confidential data. Remote access and adware are also possible.

Blackmail Trojan

Extortion Trojans, better known as ransomware, modify files on your computer so that it stops working properly or you can’t access certain data. The data is only released by the cyber criminals once you’ve paid the ransom.

Fake antivirus Trojan

Fake antivirus Trojans display a virus warning in the browser when you visit a certain website to make you purchase a virus scanner for a fee. Instead, the payment details are sent to the creator or originator of the Trojan.

Banking Trojan

Banking Trojans try to get access to your online banking data using phishing techniques. Instead of entering your data, you’re directed to a manipulated page, for example.

Apart from these, there are many other types of Trojans, e.g. exploits, rootkits, and Trojan mailfinders.

How do Trojans work?

Trojans work on the same principle as the eponymous wooden horse from Greek mythology: malware disguised as useful and legitimate turns out to be malicious. A download is a prerequisite for a Trojan to infect your device. This can also run unnoticed in the background and be launched by clicking on a manipulated image or an infected link.

Trojans usually consist of two independent programs that can be linked in different ways. Malware can be attached to the host software via linkers and start as soon as it’s executed. When a dropper is used, the malware is dropped onto your computer when the host program is started. A third method is to integrate secret program codes into the host software, like a browser plugin. These are executed within the browser, which means that the internet connection can be easily used, for example, to forward data.

Who uses Trojans and for what?

Trojans are used not only by criminals, but also by government bodies to fight crime, for example, with federal or state Trojans. The goal is to collection information from suspects and targets who are considered a threat to national security. Some companies use Trojans as surveillance software to monitor their employees. Cybercriminals, on the other hand, use Trojans to steal personal data, identities, and money, by hacking online accounts with stolen passwords.

Emotet, the world’s most dangerous Trojan

Emotet is considered the most dangerous malware in the world. First discovered in 2014, the malware is a Trojan that mainly spreads via spam or phishing emails and contains an infected Word document. When opened, the malware installs itself on the computer and immediately starts encrypting files, stealing passwords, logging keystrokes, and downloading more malware. Emotet also lets attackers take control of the infected computer. The Trojan is also able to update itself to avoid detection by antivirus software.

Emotet spreads by taking over contact lists and sending itself to their contacts. The email address’s owner is always displayed as the sender. That’s why the emails don’t look like spam, and recipients don’t suspect anything. This makes users more likely to click on the malicious URLs and download malicious files. Using this method, the Trojan has already attacked numerous governments, organizations, and companies worldwide, stealing credentials, financial data, Bitcoin holdings and assets, and causing significant damage.

How can you get infected by a Trojan horse?

Because Trojans are disguised as harmless and often useful programs, any wrong step can lead to an infection. Here are some examples:

• By opening attachments included in emails, for example disguised as an invoice or delivery bill.
• By downloading unknown and free programs, for example games or screensavers. The risk is especially high on untrustworthy websites.
• By using cracked applications, such as free copies of software that are actually paid for.
• By visiting dubious websites, like movie streaming sites, which first require downloading a certain video codec.
• By using outdated technology. In December 2017, for example, many Intel processors became vulnerable to an attack. As a result, cybercriminals released a patch called Smoke Loader, which did not fix the problem but installed a Trojan horse.

What are typical signs of Trojan infection?

Trojans are difficult to recognize as malware at first glance because they can disguise themselves in countless ways. However, there are several clues:

• If your computer is unusually slow, a Trojan may be responsible. Since the malware is active in the background and consumes additional resources, computer performance decreases. Using Task Manager, you can determine if and which programs are currently running.
• Pop-ups can also be a sign of Trojan infection. For example, the windows can prompt you to click on infected links.
• Missing or moved files are usually a clear sign of a Trojan.
• Your computer shows unusual behavior, for example, applications randomly open or the mouse cursor moves by itself.
• If your internet connection suddenly slows down or there is unexplained activity on your network, this can also indicate a Trojan infection.
• Security alerts from your antivirus program may be indications that a Trojan is already in the process of causing damage to your computer.

To avoid more damage, it’s important to know how to detect malware to quickly remove the Trojan.

What damage can a Trojan cause?

The consequences of a Trojan infection can be as varied as the malware itself. Data loss can damage the operating system. If the deleted data are critical system files, it may render your computer unusable. It becomes especially critical when personal or business data has been stolen by cyber criminals. If it’s your bank and credit card data, you can suffer significant financial damage.

Identity theft is also possible, which allows fraudsters and scammers to take out loans, open bank accounts, or perform other criminal activities in your name. Moreover, a Trojan can interfere with or paralyze important business processes if it infiltrates and damages networks or servers. Basically, there is a risk that an infection will install more malware on your computer or network, which may cause the damage to become more and more severe. Therefore, protection against ransomware, spyware, and scareware is essential.

How can I protect my system from Trojans?

Like the Greek Trojan horse, a Trojan can infect your system only if you let it in. That’s why you should always be vigilant when browsing websites that offer free movies or games, and always be skeptical about free downloads that don’t come from safe sources. In addition, it’s good to keep the following things in mind:

• Before opening email attachments, check the sender and the text. If you have any doubts, don’t open the attachment under any circumstances.
• Don’t download anything from unsafe sources. Only install apps from the Play Store or the Apple Store on your smartphone.
• Don’t click on unknown links to avoid a drive-by infection on a prepared website.
• Protect your passwords and use two-factor authentication if possible. In addition, only use strong passwords that you can manage securely using, for example, Google Password Manager.
• Don’t allow macros in Word and Excel documents. These are considered gateways for ransomware.
• Pay attention to file extensions and, if in doubt, display them in full. If it’s an executable file, i.e. a possible Trojan, it’ll be marked with an .exe extension.
• Regularly perform backups. Store these not only in the cloud, but also on a physical data carrier that isn’t easily infected.
• Always keep your operating system up to date, and install new security updates immediately. This also applies to installed programs.
• Scan your system regularly with a virus scanner to quickly detect and remove any Trojans that have already been installed.

Even if it takes some effort, you should always try to keep your cybersecurity up and running. There are numerous security measures available to protect you from Trojans and prevent any unpleasant consequences.