A Trojan is malware designed to disguise itself as a legitimate file or program. This type of malware gets its name from the Greek legend of a wooden horse presented as a gift to the besieged city of Troy. Once the horse was brought within the walls, a company of Greek soldiers hidden inside it took control of the city. Similarly, once a Trojan gains access to a target system, it unleashes a malicious payload that can open backdoor access routes, steal, block, modify, or copy sensitive data, and more.
Typically, a Trojan gains access to a system via social engineering ploys that trick users into opening what they believe to be a legitimate file or program. Trojans frequently arrive on a system as an email attachment, often from malspam or phishing campaigns. The messages may even appear to be from friends, colleagues, or trusted institutions. One of the best ways to understand how Trojans work is to classify them according to what they try to do once they have infected a system.
Backdoor Trojans attempt to create secret access points on a victim’s computer. These backdoors can then be used to ferry out stolen data or to bring more malware onto the compromised device.
Distributed Denial of Service (DDoS) Trojans use infected systems to carry out DDoS attacks, which disrupt computer networks by overwhelming them with traffic.
Phony antivirus Trojans impersonate legitimate antivirus software, but frequently demand payments for the detection and removal of fabricated threats.
Spy Trojans are used to spy on a user and how they use their system. Common capabilities of this kind of Trojan include logging a user’s keystrokes, taking periodic screenshots of a system’s desktop, and even capturing live footage from webcams.
Ransomware Trojans are able to encrypt data on a victim’s machine and then demand a ransom for the keys to regain access.
Remote Access Trojans (RATs) frequently incorporate elements of Spy Trojans, but can also give hackers complete remote control of an infected system.
A Rootkit Trojan is technically only a delivery method for deploying malware onto a device. It does its best to remain hidden on a victim’s computer, and can have a variety of functions depending on where it’s deployed and what malware is bundled within its payload.
Banking Trojans target financial accounts and are designed to steal information like account numbers, passwords, credit card numbers, and transaction records. Some well-known examples of this type of Trojan include TrickBot and Ursnif.