The name “Trojan” is taken from Greek legend, and the story goes a long way toward explaining what Trojan malware is.
During the siege of Troy, the Greeks built a giant wooden horse which they left outside the city walls. Then, they retreated. After a spy convinced the Trojans that the horse was an offering to the gods that would make their city impregnable, they dragged the horse into their city. During the night, Greek soldiers who had been hiding inside the horse emerged, opening the gates of Troy to the invading Greeks.
To sum this up, a seemingly beneficial item concealed a threat. The way Trojan malware works parallels this story very well.
Trojan Malware Definition
Trojan malware hides itself in what appear to be innocuous items including websites, emails, software, images, and documents. Once it is unwittingly installed, attackers are able to perform any action that the legitimate user can – depending on the Trojan’s purpose and function. This can include exporting or modifying information or deleting files. Although they are often concealed in downloads that users find on their own, social engineering tactics that actively convince users to open the door to the Trojan are sometimes used.
Types and Examples of Trojan Malware
Backdoor Trojans and Remote Access Trojans (RATs)
Technically, not all backdoor attacks use Trojans. Backdoors can also be opened by “worms.” However, Trojans do open an illicit route that allows attackers to access devices, so the terms “Trojan” and “backdoor Trojan” are often seen as being interchangeable. Sometimes, backdoor Trojans are called remote access Trojans (RATs).
Recently, a Ukrainian company doing business in Finland was affected by a RAT or backdoor Trojan. The intent was cyberespionage, and various Ukrainian organisations were targeted. The Trojan was concealed in a software installation package under the name “DockerSystem_Gzv3.exe.” Closer to home, The Telegraph alerted consumers to a rise in backdoor Trojan attacks on smart devices in 2023. Old threats also resurfaced in updated formats. For example, Revenge RAT was once again making headlines in 2023.
Banking Trojans
With nearly every individual and organisation relying on online banking, banking Trojans are a rich source of information and income for cyber attackers. And, of course, banks themselves must often fend off Trojan attacks aimed at stealing customer information on a larger scale.
Since 2020, a banking Trojan dubbed Anatsa has targeted banks and their customers. This threat has only grown, with 2023 dropper campaigns encouraging mobile phone users to download PDF readers which opened the door to the Trojan.
Downloader Trojans
If bad actors can sneak a single, inconspicuous Trojan onto a device, others may follow. Downloader Trojans download and install additional malicious software without the legitimate user’s knowledge.
Ursnif, which has also been named Gozi or Dreambot, is a current threat. The Trojan is distributed via emails with attachments. It has been linked to downloading ransomware and also acts as a banking Trojan. It’s very good at hiding itself from anti-malware software, and should be seen as a very real threat.
Distributed Denial of Service (DDoS) Trojans
DDoS attacks consist of a bombardment of traffic aimed at crashing networks. To generate traffic, attackers use DDoS Trojans to infect devices and create botnets. Once installed, the Trojan uses your device to attack systems.
Research results published in Security Magazine indicate that DDoS attacks increased by 40 percent in the second quarter of 2023 and indications are that they are still a very real threat.
Rootkit Trojans
There’s some argument about whether rootkits really are Trojans, but they certainly have enough in common with them to account for the confusion. They are delivered in the same way as Trojans and consist of a set of tools that allow cybercriminals to take control of infected devices.
In the 2010s, ZeroAccess, a rootkit Trojan, deactivated Windows security features. With the defences down, attackers used affected devices to form part of a botnet engaged in fraudulent activity. Today, rootkits have only become more sophisticated, with their ability to “hide” making them difficult to detect.
Ransomware Trojans
With Trojans providing a backdoor into systems, cybercriminals can execute all manner of attacks – including ransomware attacks. A Trojan can encrypt data, making it impossible for legitimate users to access it. This allows criminals to extort ransoms from organisations desperate to recover access to their vital data.
Infostealer Trojans
Information theft has hit many organisations hard, causing reputational harm and adversely impacting consumers’ trust in them. The Qbot family was among the most common Trojans to blame for stolen information in 2023. Qbot is most often used to steal login information – with predictable and painful consequences for affected users and any organisations it gains access to.
Mailfinder Trojans
Whether carefully targeted or sent to as many people as possible, scams and cyberattacks often exploit email. Mailfinder Trojans harvest your email contact list, allowing cybercriminals to use stolen contact details to further their reach.
Bogus Antivirus Trojans
A bogus antivirus Trojan alerts you to a “threat” on your computer. It may look like it comes from a reputable company like McAfee or Norton and often asks you to pay for the “threat” to be removed. In a related strategy, certain websites are infected with pop-ups offering you a free solution to a bogus threat – if you download software. If you follow the prompt, your device can be infected with malware.
Exploit Trojans
Exploit Trojans search for known vulnerabilities in systems and, as the name suggests, proceed to exploit these weaknesses.
Mobile Phone Trojans
A wide range of Trojans can affect mobile phones. These range from SMS Trojans, which send SMSes to premium services, to banking Trojans, ransomware Trojans and dropper (or downloader) Trojans. Trojans concealed in apps downloadable from Google Play and other marketplaces received a great deal of attention in 2023.
How to Recognise a Trojan Attack
Not all Trojans will make their presence felt, often making this type of cyber attack difficult to detect. However, some Trojans will give their presence away by:
- Slowing down your device
- Causing unusual messages and popups to appear
- Interrupting your internet connection
- Opening unusual windows or browsers to trick you into visiting a malicious site
- Directing your browser to sites you didn’t intend to visit
- Deactivating your virus protection or firewall
- Causing files to vanish
- Executing programs or closing programs without your intervention
- Running hard drives and routers even when computers are not in use
What to Do If You Suspect a Trojan Attack
Removing a Trojan can be a complex process for which you will need qualified support. If you suspect that you’re affected by a Trojan or some other form of malware, start by turning off your internet connection.
It’s possible that your personal files are infected. If you want to try backing them up, save them on an external storage device – but remember that they can’t be trusted.
In some instances, it will be necessary to reinstall the operating system from scratch. Remember that malware and virus scans don’t always pick up Trojans, so don’t assume that your device is safe until you’re given the all-clear by a cyber security professional.
How to Prevent Trojan Malware From Affecting You
You can reduce risk and limit potential damage caused by malware, including Trojans, in the following ways:
- Use approved cyber security tools and keep them up to date
- Use secure authentication methods like biometrics and multifactor authentication
- Be particularly cautious when using administrator accounts – limit their use to be on the safe side
- Patches and updates for the operating system and software you use can help to block malware – update regularly and delete old software you don’t use
- Only use secure networks and VPNs when accessing networks remotely
- Implement routine checks of log reports
- Control access with firewalls, intrusion detection systems, and intrusion prevention systems
- Don’t leave unused accounts, ports or protocols in service
- Only allow users in your organisation access to data and system components that they need to do their work
- Restrict application privileges to those that are absolutely necessary
- Scan incoming mails and attachments for malware
- Never open suspicious-looking attachments
- Only allow users to access approved links
- Log all incoming and outgoing traffic and monitor for anomalies
- Involve and inform your team
- Partner with enterprise-level cyber security specialists
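The attachment checks in the list above can be partly automated. The following Python code is an added example, not part of the original article or of any vendor's product: it flags attachments with executable or double extensions and files whose leading bytes do not match their name. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions that run code when opened on Windows (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".hta", ".bat"}
# Leading "magic" bytes of a few formats; "MZ" marks a Windows executable.
MAGIC = {b"MZ": "exe", b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\xd0\xcf\x11\xe0": "ole"}
# Document extensions mapped to the content kind they should carry.
EXPECTED = {".pdf": "pdf", ".docx": "zip", ".xlsx": "zip", ".doc": "ole", ".xls": "ole"}

def sniff(data: bytes) -> str:
    """Return the content kind implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(raw: bytes) -> dict:
    """Map each attachment filename to the reasons it looks like a disguise."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        data = part.get_payload(decode=True) or b""
        pieces = name.split(".")
        ext = "." + pieces[-1] if len(pieces) > 1 else ""
        kind, reasons = sniff(data), []
        if ext in RISKY_EXT:
            reasons.append("executable extension")
        if len(pieces) > 2 and ext in RISKY_EXT and "." + pieces[-2] in EXPECTED:
            reasons.append("double extension")
        if kind == "exe" and ext != ".exe":
            reasons.append("executable content under another name")
        elif ext in EXPECTED and kind != EXPECTED[ext]:
            reasons.append("content does not match extension")
        if reasons:
            findings[name] = reasons
    return findings

def sample_message() -> bytes:
    """Constructed test message: one genuine PDF header and two disguised files."""
    m = EmailMessage()
    m.set_content("Please see attached.")
    for fname, body in [("report.pdf", b"%PDF-1.7\n"), ("invoice.pdf", b"MZ\x90\x00"),
                        ("scan.pdf.exe", b"MZ\x90\x00")]:
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

A check like this complements a malware scanner rather than replacing it, since it only catches disguises based on file name and header bytes.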
How Advantex Protects Your Organisation
Trying to piece together your cyber security with packages and programmes obtained from multiple sources could mean that there are fatal chinks in your armour. Advantex integrates solutions from top providers, ensuring that you’re protected by advanced cyber security measures that work together to form a formidable barrier against cyberattacks.
No matter how good your security is, it only works well when everyone in your organisation knows how to limit risks and work securely. We evaluate current practices, run simulations, and let you know whether we’ve detected any vulnerabilities. This helps you and your staff to work safely.
Let’s not forget that some cybercriminals are extremely clever. They’re constantly searching for new ways to breach defences, and they will go to great lengths to get targets to download their malware. If the worst were to happen, you need uncorrupted backups to help you minimise downtime. With Advantex, you can get back up and running in a matter of minutes. If you’re worried about cyber threats, you’re being realistic not paranoid – contact us today to get peace of mind with our Cyber Security Services.