What is a computer Trojan | WeLiveSecurity

A computer Trojan horse is malicious software that masquerades as something harmless and gives an attacker access to an infected computer to perform other malicious actions.

The term computer Trojan is used to describe the most common category of malware today. A Trojan is a malicious program that masquerades as something legitimate or harmless in order to gain access to a victim's computer or mobile device and perform various types of malicious actions. Trojans can come hidden in many forms: an audio file (WAV or MP3), a ZIP or RAR file, a browser extension, a legitimate software installer, an update file or a phone app, among many others.
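A defender-side check for the crudest form of the disguise described above, a file whose name claims one of the listed types while its leading bytes say otherwise. This is an added example, not code from the original article; the function names and finding labels are assumptions, and the sample byte strings are constructed. It does not detect payloads embedded inside otherwise valid files.

```python
import os

# Leading-byte signatures for the file types named above, plus native executables.
SIGNATURES = [
    (b"MZ", "pe-executable"),        # Windows PE/DOS header
    (b"\x7fELF", "elf-executable"),  # Linux ELF header
    (b"PK\x03\x04", "zip"),          # ZIP local file header
    (b"Rar!\x1a\x07", "rar"),        # common prefix of RAR4 and RAR5
    (b"ID3", "mp3"),                 # MP3 with an ID3v2 tag
    (b"\xff\xfb", "mp3"),            # bare MPEG-1 Layer III frame sync
]
EXECUTABLE = {"pe-executable", "elf-executable"}
# What each extension claims the content to be.
EXPECTED = {".exe": "pe-executable", ".dll": "pe-executable", ".zip": "zip",
            ".rar": "rar", ".mp3": "mp3", ".wav": "wav"}

def sniff(head):
    """Classify a file by its first bytes; 'unknown' when no signature matches."""
    if head[:4] == b"RIFF" and head[8:12] == b"WAVE":
        return "wav"
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"

def check(filename, head):
    """Return findings for a (name, leading bytes) pair; empty list means no mismatch."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]  # e.g. ".zip" in "invoice.zip.exe"
    actual, claimed = sniff(head), EXPECTED.get(ext)
    if actual in EXECUTABLE and ext and claimed not in EXECUTABLE:
        findings.append("executable-content")  # program behind a data-file name
    elif claimed and actual != "unknown" and actual != claimed:
        findings.append("type-mismatch")       # e.g. ZIP bytes named .rar
    if claimed in EXECUTABLE and EXPECTED.get(inner, "pe-executable") not in EXECUTABLE:
        findings.append("double-extension")    # data-looking name ending in .exe
    return findings

def check_path(path):
    """Convenience wrapper: read the first 16 bytes of a file on disk."""
    with open(path, "rb") as fh:
        return check(os.path.basename(path), fh.read(16))

if __name__ == "__main__":
    # Constructed samples: (file name, first bytes).
    for name, head in [("holiday_song.mp3", b"MZ\x90\x00\x03\x00\x00\x00"),
                       ("invoice.zip.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
                       ("track.wav", b"RIFF\x24\x00\x00\x00WAVEfmt ")]:
        print(name, check(name, head))
```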

What a Trojan can do on an infected computer

Trojans can be used by an attacker for various malicious purposes, such as opening backdoors, taking control of the victim's device, stealing data from the infected computer and sending it to the attacker, or downloading and running additional malicious software on the victim's computer or device, among other actions. Because their success depends on disguise and on the user executing the file, Trojans are characterized by heavy use of social engineering techniques.

Why a Trojan is not a virus

While many people refer to Trojans as viruses, Trojans, unlike computer viruses, do not have the ability to infect other files on their own or to move within the network or the compromised computer. For more information you can read the article on what the difference is between viruses and malware.

Just as in the legend of the famous Trojan horse, which the Greeks used to hide their soldiers and enter the city of Troy by convincing the guards that it was a gift from the gods, computer Trojans are characterized by their modus operandi of disguising themselves and presenting a harmless appearance, hiding their true malicious function so that the user downloads them, allows them into the system and executes them. Trojans generally do not infect other system files and require user intervention in order to spread.

As a preview, it is worth mentioning that there is a wide variety of Trojans, and each one can be very different from another in terms of its capabilities and the actions it performs on the victim's device: downloaders, bankers (also known as banking Trojans), backdoors, droppers, keyloggers, or bots.

On the other hand, to infiltrate a victim's device, Trojans use other means, such as downloads, the exploitation of vulnerabilities, and social engineering techniques, among others.

It became popular in the 1980s and by the end of that decade the first Trojans could be identified, which began to spread in the early 1990s with the Internet.

Main characteristics of Trojans

Trojans are usually malicious code with a certain sophistication, although this of course also depends on the objective and skill of those who developed them. Some of the most common characteristics of Trojans are:

Most common types of Trojans

As we said at the beginning of this article, the term Trojan encompasses several types of malware. Some of the various types of Trojans that exist are:

Backdoor Trojans: The famous “back doors” that offer the attacker more refined control of the infected computer. Some of these Trojans can show the attacker the victim's screen in real time, record audio, use the mouse and keyboard, create, delete and edit files, as well as download and steal information.

Banking Trojans: This type of Trojan is designed with the objective of stealing the user's banking information, be it passwords or credentials to access the online banking system or the banking application, as well as information about accounts and credit cards.

Ransomware Trojans: One of the most dangerous types of malware that exists today is the ransomware Trojan, which has the ability to encrypt documents or lock an infected computer. The attackers could ask for some kind of payment in exchange for decrypting the information, or restoring the use of the compromised systems.

Downloader Trojans: Once it has gained access to a computer, this type of Trojan will seek to download other threats, whether they are other types of Trojans or adware.

Dropper Trojans: This type of Trojan is usually obfuscated and protected in some way to make it difficult to scan and detect. Its function is to install some kind of threat that is hidden inside it.

Spyware Trojans: Very similar to backdoors, spyware Trojans seek to record all kinds of information on the computer, as well as take screenshots and capture video and audio, and send it all to an attacker. This process is usually automated.

Related reading: Latin American Banking Trojans: Analysis of New Malware Families

Examples of Known Trojans

The notorious spyware FinFisher (also known as FinSpy) is another example of a Trojan. It is known for its extensive spying capabilities, including the malicious use of webcams and microphones, keylogging, and file exfiltration. At the time it was marketed by its developers as a tool for security forces, but it is believed that it has also been used by oppressive regimes. To hide its true purpose, FinFisher uses various disguises. In one of its campaigns discovered by ESET, it posed as an installer of popular programs, such as browsers and media players. It has also been distributed via phishing emails that included fake attachments or fake software updates.

More recently, there is Emotet, a popular Trojan that started as a banking Trojan but over time became modular malware widely used to download other malicious code, such as TrickBot and Qbot, onto victims' computers.

Trojans targeting mobile devices

However, Trojans are not just a threat to computers. A lot of mobile malware (especially for Android) also falls into this category. DoubleLocker was an innovative ransomware family that disguised itself as an update to Adobe Flash Player. This threat infiltrated a mobile device through Accessibility services, encrypting the data and locking the screen using a random PIN code. Subsequently, the attacker demanded a payment in bitcoin to unlock the device.

More recently, we have observed different campaigns that seek to distribute Trojans for Android through official stores such as Google Play, with apps that pretend to be games, social network applications, battery managers, weather applications, or video players, among other functionalities. The goal of these Trojans is to hide inside users' devices while collecting sensitive information, such as login credentials for other applications.

How to protect yourself from Trojans

The term Trojan includes various types of malicious software and can be avoided by following some recommendations such as those mentioned in the following articles:

Finally, it's worth mentioning that many Trojans exploit vulnerabilities in victims' systems in order to infiltrate them. To mitigate these vulnerabilities, users are advised to keep their computers up to date and to patch regularly, not just the operating system but any software they use.

Facundo Muñoz
