Trojan Horses (or simply “Trojans”) are a type of malware that uses deception and social engineering to trick unsuspecting users into running seemingly benign computer programs that hide malicious code. While technically they are not computer viruses but rather a separate form of malware, “Trojan horse virus” has become a common way to refer to them.
What are Trojan Horses?
Trojan Horses are a type of malware that reads passwords, records keyboard strokes or opens the door for further malware that can even take the entire computer hostage. These actions can include:
- Deleting data
- Blocking data
- Modifying data
- Copying data
- Disrupting the performance of computers or computer networks
Trojans are versatile and very popular, so it’s difficult to characterize every kind. That said, most Trojans are designed to take control of a user’s computer, steal data, spy on users, or insert more malware onto a victim’s computer.
Below you can find a list of common types of Trojan attacks, as detected by Kaspersky:
- Backdoor Trojans
They are one of the simplest but potentially most dangerous types of Trojan. This is because they can either load all sorts of malware onto your system in their role as a gateway, or at least ensure that your computer is vulnerable to attack. A backdoor is often used to set up botnets. Without your knowledge, your computer becomes part of a zombie network that is used for attacks. Furthermore, backdoors can allow code and commands to be executed on your device or monitor your web traffic.
- Exploits
Exploits are programs that contain data or code that take advantage of a vulnerability within an application on your computer.
- Rootkits
Rootkits are designed to conceal certain objects or activities in your system. Often their main purpose is to prevent malicious programs being detected, in order to extend the period in which the programs can run on an infected computer.
- Dropper/downloader Trojans
One of the best-known dropper Trojans is the Emotet malware, which has now been rendered harmless but which, in contrast to a backdoor Trojan, cannot execute any code on the PC itself. Instead, it brings other malware with it, for example the banking Trojan Trickbot and the ransomware Ryuk. Droppers are therefore similar to downloader Trojans, the difference being that downloaders need a network resource to pull malware from the network. Droppers themselves already contain the other malicious components in the program package. Both types of Trojan can be remotely updated in secret by the programmers responsible, for example so that virus scanners cannot detect them with new definitions. New functions can also be added in this way.
- Banking Trojans
Banking Trojans are among the most widespread Trojans. Given the increasing acceptance of online banking, as well as the carelessness of some users, this is no wonder – they are a promising method for attackers to get their hands on money quickly. Their goal is to obtain the access credentials to bank accounts. To do this they use phishing techniques, for example by sending the intended victims to a manipulated page where they are supposed to enter their access credentials. Accordingly, when using online banking you should ensure that you use secure methods for verification, such as only the app of the respective bank, and never enter your access data on a web interface.
- DDoS Trojans
Distributed denial-of-service (DDoS) attacks continue to haunt the web. In these attacks, a server or network is torpedoed with requests, usually by a botnet. In mid-June 2020, for example, Amazon fended off a record attack on its servers. For over three days, Amazon’s web services were targeted with a data throughput of 2.3 terabytes per second. There must be an enormous botnet to achieve that kind of computing power. Botnets consist of zombie computers, so to speak. On the face of it they are running normally, but they are also functioning silently as attackers. The reason for this is a Trojan with a backdoor component that slumbers unnoticed on the computer and, if necessary, is activated by its operator. If a botnet attack or a DDoS attack is successful, websites or even entire networks are no longer accessible.
- Fake antivirus Trojans
Fake antivirus Trojans are particularly insidious. Instead of protecting, they get every device into serious trouble. With alleged virus findings, they want to cause panic among unsuspecting users and persuade them to purchase effective protection by paying a fee. But instead of a helpful virus scanner, the user only gets more problems, as their payment data is conveyed to the Trojan originator for further misuse. So if you suddenly get a virus warning in your browser when visiting a website, you should ignore this and only trust your system virus scanner.
This type of program steals user account information from online gamers.
- Trojan-IM (Instant Messaging)
Trojan-IM programs steal your login data and passwords for instant messaging programs such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype, etc. One could argue that these messengers are barely in use nowadays. However, even new messenger services are not immune to Trojans. Facebook Messenger, WhatsApp, Telegram or Signal could also become targets of Trojans. As recently as December 2020, a Windows Trojan was commandeered via a Telegram channel. Instant messaging should also be protected against dangerous phishing attacks.
In January 2018, security researchers at Kaspersky discovered a Trojan called Skygofree. The malware has extremely advanced functions and can, for example, connect to Wi-Fi networks on its own, even if the user has deactivated the function on their device. The Skygofree Trojan can also monitor the popular messenger service WhatsApp. It reads messages and can also steal them.
This type of Trojan can modify data on your computer so that your computer doesn’t run correctly or you can no longer use specific data. The criminal will only restore your computer’s performance or unblock your data after you have paid them the ransom money that they demand.
- SMS Trojans
They may seem like a relic from another century, yet they are still active and pose a significant threat. SMS Trojans such as the Android malware Faketoken can work in different ways. Faketoken, for example, sends mass SMS messages to expensive international numbers and disguises itself in the system as a standard SMS app. The smartphone owner has to pay the costs for this. Other SMS Trojans establish connections to expensive premium SMS services.
- Trojan-Spy
Trojan-Spy programs can spy on how you’re using your computer – for example, by tracking the data you enter via your keyboard, taking screenshots or getting a list of running applications.
These programs can harvest email addresses from your computer.
In addition, there are other types of Trojans:
Is my computer or phone infected with a Trojan Virus?
It’s not always easy to tell if your computer was compromised or not, because these days cybercriminals are going to great lengths to hide their code and conceal what their programs are doing on an infected computer.
Trojans can look like just about anything, from free software and music to browser advertisements to seemingly legitimate apps. Any number of unwise user behaviors can lead to a Trojan infection. Here are a few examples:
- Downloading cracked applications. Promises of an illegal free copy of a piece of software can be enticing, but the cracked software or activation key generator may conceal a Trojan attack.
- Downloading unknown free programs. What looks like a free game or screensaver could really be a Trojan, especially if you find it on an untrustworthy site.
- Opening infected attachments. You get a strange email with what looks like an important attachment, like an invoice or a delivery receipt, but it launches a Trojan when you click on it.
- Visiting shady websites. Some sites only need a moment to infect your computer. Others use tricks like pretending to stream a popular movie, but only if you download a certain video codec, which is really a Trojan.
- Any other social engineering that disguises itself by taking advantage of the latest trends. For example, in December 2017, an extensive installed base of Intel processors was discovered to be vulnerable to attack due to hardware issues. Hackers leveraged the ensuing panic by faking a patch called Smoke Loader, which installed a Trojan.
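The disguises in the list above often show up in the file name itself. The following Python check is an added example, not part of the original article: it flags runnable files whose names match those lure themes or hide behind a second, harmless-looking extension. The extension sets, keyword patterns and sample names are assumptions constructed for illustration.

```python
import re

# File types Windows runs (or hands to a script host) on double-click.
RUNNABLE = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "msi", "lnk"}
# Harmless-looking types used as the visible half of a double extension.
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "mp4", "avi", "txt"}

# Lure themes from the list above; the keyword patterns are assumptions.
LURES = {
    "cracked software or key generator": re.compile(r"crack|keygen|activat"),
    "invoice or delivery receipt": re.compile(r"invoice|receipt|delivery"),
    "video codec": re.compile(r"codec"),
    "free game or screensaver": re.compile(r"screen ?saver|free[ _-]?game"),
}


def triage(filename):
    """Return the reasons a file name deserves a closer look (empty list = none)."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    _, *exts = [part.strip() for part in name.split(".")]
    if not exts or exts[-1] not in RUNNABLE:
        return []  # not directly runnable: leave it to the content scanner
    reasons = []
    if len(exts) > 1 and exts[-2] in DECOY:
        reasons.append(f"double extension: .{exts[-2]} shown, .{exts[-1]} runs")
    if exts[-1] == "scr":
        reasons.append("screensaver files are ordinary executables")
    for theme, pattern in LURES.items():
        if pattern.search(name):
            reasons.append(f"lure theme: {theme}")
    return reasons


def flag_suspicious(filenames):
    """Map each runnable file name that matches a lure or disguise to its reasons."""
    return {f: r for f in filenames if (r := triage(f))}


# Constructed sample: names as they might appear in a Downloads folder or mailbox.
SAMPLE = [
    "Invoice_2024-113.pdf.exe", "delivery receipt.pdf",
    "HD_video_codec_setup.exe", "photoshop_keygen.exe",
    "aquarium.scr", "vendor-installer-1.4.2.msi", "holiday.jpg      .exe ",
]

if __name__ == "__main__":
    for name, reasons in flag_suspicious(SAMPLE).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

A clean result only means the name is unremarkable; the file still needs a scan, because a Trojan can carry any name.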
To check your device for Trojan Horses and remove them for free, please use the guide below.
Removal instructions for Trojan Viruses
Please perform all the steps in the correct order. If you have any questions or doubts at any point, stop and ask for our assistance.
- Remove Trojan Viruses from Windows
- Remove Trojan Viruses from Mac
- Remove Trojan Viruses from Android