A Trojan horse—also called a Trojan virus or simply a Trojan—is a type of malware that disguises itself as legitimate software. Trojans appear innocent or beneficial from the outside, but once users interact with them, these files execute harmful actions, from installing spyware to encrypting critical files.
Trojan horses accounted for at least six of the 11 most common malware strains in 2021, according to the Cybersecurity and Infrastructure Security Agency (CISA). In light of this threat, businesses should learn all they can about Trojans to stay safe.
What does a Trojan horse virus do?
Trojan horses deceive people into thinking they’re harmless. Once a user installs or runs the application, it executes the hidden malware.
Despite the moniker “Trojan virus,” these programs aren’t technically viruses. Whereas a virus can execute and replicate itself, a Trojan requires action from the users to run and spread. That’s why they disguise themselves as legitimate programs people want to download and install.
Once inside a system, Trojans can perform a wide range of attacks. Because of their deceiving nature, many cybercriminals use them to quietly spread spyware or ransomware behind the scenes. However, some Trojan strains immediately carry out more noticeable attacks when users run them.
5 types of Trojan horses
Trojans are a remarkably popular type of malware and can appear in forms as varied as backdoor Trojans, DDoS Trojans, downloaders, ransom Trojans, and rootkit Trojans.
1. Backdoor Trojans
A backdoor Trojan installs a backdoor on your computer once inside, granting cybercriminals remote access. Attackers often use them to create botnets, which carried out hundreds of thousands of attacks in 2022 alone.
2. DDoS Trojans
Distributed denial of service (DDoS) Trojans often overlap with backdoor Trojans. These malware strains take control of an infected computer to overload a website or network with requests as part of a DDoS attack.
3. Downloader Trojans
Downloader Trojans serve as the first step to larger attacks. Once users install these programs, the Trojan downloads other malicious software, much like how malvertising installs malware through seemingly innocuous ads. Some of these attacks just download adware, but cybercriminals also use them to spread more damaging software.
4. Ransom Trojans
Ransom Trojans are some of the most disruptive types. These slowly spread across users’ devices, hindering performance or blocking critical data, demanding a ransom in return for undoing the damage.
5. Rootkit Trojans
A rootkit Trojan conceals itself or other malware so it can run malicious programs undetected for longer. Rootkit Trojans buy cybercriminals more time, enabling much larger, potentially damaging attacks.
Best practices to prevent Trojan horse viruses
Trojans can cause considerable damage, so businesses should try to prevent them as much as possible. Prevention starts with better credential management, as 90% of all cyberattacks originate from compromised usernames or passwords. Use multifactor authentication (MFA) and vary passwords between accounts to stop an attacker from infiltrating your account and installing a Trojan.
User education is also important, as Trojans try to trick people into thinking they’re harmless. Employees should know to never click on unsolicited links, download software from unverified sources, or open attachments from people they don’t know.
Scanning email attachments before clicking on them can also help identify Trojans before anyone accidentally installs them. Users should avoid visiting potentially unsafe websites; stricter network administrator policies and security software can help with this by establishing blocklists and allowlists of certain sites. Ad blockers are another useful tool, as they can prevent Trojan attacks originating from malvertising.
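One check an attachment scanner can apply, shown here as an added example that is not part of the original article: compare what a file claims to be by name with what its first bytes say it is. The extension lists, finding labels and sample attachments are constructed for illustration, and a real scanner combines this with signature and behavioral analysis.

```python
import os

# Leading "magic" bytes of a few common formats (well-known file signatures).
MAGIC = {
    b"MZ": "windows-executable",
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-container",  # also docx/xlsx/jar/apk
    b"%PDF": "pdf",
}
# Illustrative lists only; a production policy would be broader.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
RLO = "\u202e"  # right-to-left override: makes a name render reversed on screen


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return reasons an attachment looks disguised (empty list = none found)."""
    findings = []
    name = filename.strip().lower()
    if RLO in name:
        findings.append("rtl-override-in-name")
    stem, ext = os.path.splitext(name)
    # rstrip() catches "invoice.pdf      .exe", padded to push .exe out of view
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if ext in EXECUTABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        findings.append("double-extension")
    kind = sniff(data)
    if kind.endswith("executable") and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content-with-benign-extension")
    if ext == ".pdf" and kind != "pdf":
        findings.append("content-does-not-match-pdf")
    return findings


if __name__ == "__main__":
    samples = [  # constructed attachments: (name, first bytes of the file)
        ("report.pdf", b"%PDF-1.7\n"),
        ("invoice.pdf.exe", b"MZ\x90\x00"),
        ("photo.jpg", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(f"{name!r}: {triage(name, head) or 'no findings'}")
```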
How to detect and recover from Trojan attacks
Even with these preventive measures, businesses should never assume they won’t experience a successful attack. Almost half of all small businesses have fallen victim to cyberattacks in the past year. A plan to detect and recover from successful Trojan attacks will mitigate their impact.
Because Trojans operate behind the scenes, they’re difficult to spot manually. Sudden performance changes or changing settings are telltale signs, but at that point, most of the damage is already done. The best way to detect Trojans is with anti-malware or antivirus software.
Regular security scans can detect malicious code hidden within seemingly harmless files and alert you to the issue. You can then use this software to remove the infected programs safely. Be sure to keep anti-malware solutions updated to ensure they can detect changing attack vectors and new Trojan strains.
Trojans on phones and mobile devices
It’s important to recognize that Trojans can impact mobile devices, too. Laptop and desktop computers are still the most common targets, but malware strains are also starting to affect phones and tablets.
Trojans are the most common type of mobile malware, with downloader Trojans alone accounting for 26.28% of all threats. Many of these are apps, often pretending to be legitimate. Cybercriminals can also install Trojans on a mobile device through malicious links in text messages or emails.
Users should only download apps from first-party stores to avoid downloading mobile Trojan horses. Similarly, you should avoid clicking links on unsolicited texts, emails, or messages from unknown sources. Using an anti-malware solution with support for mobile operating systems will also help.
Real-world examples of Trojan viruses
Whether mobile or otherwise, these threats are more than just theoretical. Trojan attacks have affected thousands, if not millions, of users, including several high-profile organizations.
One of the most infamous Trojan examples is Emotet, which first emerged in 2014 as a banking Trojan, targeting users’ accounts. It evolved to carry a wide range of different malware strains, leading to 16,000 alerts in 2020 as more cybercriminals embraced it.
Zeus—also called Zbot—is another infamous Trojan. This malware strain gained notoriety in 2007 when it stole information from more than 1,000 computers belonging to the U.S. Department of Transportation. After infecting devices, the Trojan would log keystrokes to learn users’ passwords, banking info, and more.
The Rakhni Trojan first appeared in 2013 and became popular again in 2018 as its use cases expanded. Rakhni lets cybercriminals either infect targets’ devices with ransomware or take control of them to mine cryptocurrency.
5 antivirus tools that prevent and detect Trojan horses
Reliable anti-malware tools are your best defense against Trojans. These five solutions represent some of the leading options for preventing, detecting, and removing Trojan viruses today.
1. Bitdefender Total Security
Bitdefender Total Security offers a comprehensive security platform, including a cloud-based malware scanner, phishing protection, and support for virtually all operating systems. This coverage helps prevent Trojan infections on any device. It’s available both as a stripped-down free version and as a subscription starting at $39.99 per year that covers five devices.
2. Avast One
Avast One offers advanced malware scanning on all device types, including mobile endpoints. It also has anti-phishing and ransomware prevention features and has a free tier for users with smaller budgets, as well as individual and family plans starting at $4.19 per month for five devices.
3. Norton 360 Deluxe
Norton is the most popular provider of paid antivirus, and its 360 Deluxe platform is ideal for stopping Trojans. It uses machine learning to detect suspicious activity, helping it spot Trojans faster and more accurately. Norton offers a variety of subscription tiers, starting at $19.99 per year for a single device, or $49.99 per year for five devices.
4. McAfee Total Protection
McAfee Total Protection also uses AI to detect malware like Trojans. It has useful restoration features to recover stolen data and manage accounts in the event of a successful Trojan attack. It offers a basic, single-device subscription for $49.99 per year, or more advanced security starting at $64.99 per year for five devices.
5. Malwarebytes
Malwarebytes deserves mention as a free alternative to these paid anti-Trojan solutions. However, it requires you to manually start a scan instead of monitoring devices automatically. Since 85% of data breaches stem from human error, reliance on manual processes isn’t ideal, but it is better than nothing. Malwarebytes does also offer paid enterprise-level protection plans starting at $69.99 per device, per year—but you have to enroll at least 10 devices.
Bottom line: Protecting your organization from Trojan horses
Trojan horse viruses are some of the most pervasive and potentially difficult-to-spot threats facing companies today. However, the right approach can prevent and remove them effectively. You can stay safe when you know what these programs do, how they infect devices, and how you can address them.