Not everything is what it seems in computing; sometimes a simple download can actually be malware in disguise - a hacking method known as 'Trojan'.
This is the digital version of the famous tactic the Greek army used to infiltrate the city of Troy. The payload for the modern equivalent is your data, be it personal or financial, which might be found in your hard drive.
Once it is downloaded, a Trojan virus will lay low, simply gathering information for its creator - often people have no idea their machine is compromised. It has been known to block access to data and even drain resources while hiding in a victims machine.
Trojan's are widely available and relatively inexpensive, often used in DDoS attacks and also as vehicles for other viruses, such as ransomware. A 2019 NCA investigation found that remote access Trojans - known as 'RATs' - were available for as little as $25 (£19), which is part of the reason they're so popular.
Aside from price and availability, Trojans are also seen as some of the most effective tools available for hacking, especially considering that in most cases, victims only realise one is on their machine at the last minute.
How Trojans work
Unlike computer viruses and worms, Trojans cannot self-replicate to spread across computers on their own. Instead, leverage social engineering tactics and prey on people with poor cyber awareness to make their Trojan campaigns successful. These typically trick users into downloading what appear to be legitimate applications or files, which in fact contain malicious code.
Such apps are particularly potent in third-party application stores, where they can sit among other legitimate software. In fact, cyber security researchers at Zscaler ThreatLabz recently found 90 malicious apps on the Google Play Store, which had collectively amassed more than 5.5 million downloads. Hackers also spread trojans by attaching them to emails and spamming large numbers of people. Trojans may appear in pop-up adverts, too.
As soon as a victim installs a malicious app, opens a spam email attachment or clicks an unwanted advert containing a Trojan, the malware will download onto their computer from the cyber criminal’s server. The Trojan then runs in the background whenever the device is on.
Although Trojans don’t have the ability to manifest by themselves, cyber criminals can remotely control an infected computer to spread the Trojan to other devices. Once a cybercriminal has successfully installed their Trojan on a victim’s device, they can conduct a range of nefarious activities. Hackers may steal personal data, delete or modify files, create backdoors for remotely controlling devices, and take screenshots or access webcams to spy on victims, explains Jake Moore, global cyber security advisor at ESET.
Trojan types
What is important to remember is that the term “Trojan” is actually just an umbrella term for a wide variety of malware types, from RATs to cryptocurrency miners. In fact, Trojans are usually named after the way they behave once they gain access to a system.
Backdoor Trojans, sometimes referred to as remote access Trojans (RATs), are built with the intention to allow cyber criminals to grasp full control over a system. They achieve this by creating a so-called backdoor that lets them come and go as they please for as long as the Trojan goes undetected, and can be used for an array of illegal activities, from spying on users to implementing larger cyber attacks.
Download Trojans, as their name suggests, are capable of downloading other malicious programmes once they gain access to a system. The most common tools are keyloggers, which harvest any usernames and passwords entered into the system, or cryptocurrency miners, which take advantage of a system’s processing power in order to subtly mine for Bitcoin as well as other digital tokens.
Banking Trojans, otherwise known as 'Trojan bankers', focus primarily on financial gain. They are able to conceal themselves within a system, waiting for the moment when the user decides to access a financial service such as an online bank account. They then intercept this traffic and redirect their victim to a fraudulent website which usually contains data capture forms used to steal the victim’s information.
Banking Trojans have enjoyed considerable success in the past, with some famous examples including Zeus, Dridex, and Kronos. However, with today's heightened security measures as well as proactive efforts to prevent this style of attacks, banking Trojans aren't as common as they used to be.
How to remove a Trojan
It isn’t easy removing Trojans from an infected device. Typically, they hide in files and can be hard for users to spot. But that doesn’t mean removing them is impossible.
The first step in eradicating a Trojan infection is downloading a competent antivirus app onto your device. A trusted antivirus solution should enable you to conduct a system scam to identify malicious software and may also provide other features for dealing with Trojans.
Once you know the malicious file's identity, you can then remove it from your system. When doing so, it’s generally advisable to disable the device's Wi-Fi connection and put it into its recovery mode so that the Trojan cannot interfere with the removal process.
How to protect against Trojans
While Trojans can cause significant damage if loaded on someone's system, there are ways to prevent malware from causing problems.
Simple steps such as avoiding unsafe websites and keeping accounts safe with secure passwords and firewalls can help prevent malware attacks. Updating a device's operating system as soon as possible will also help prevent Trojans from causing damage as malware tends to exploit the problems in outdated software.
It's also advisable to back up your files regularly, as if a Trojan infects your computer, this will help you to easily restore your data.
However, perhaps the most effective way of preventing this kind of malware attack is by installing anti-malware software on devices and running diagnostic scans with this software periodically.
