What is a Trojan?
A trojan is a type of malware that, unlike viruses and worms, does not self-replicate. Named after the mythological wooden horse used to sneak Greek warriors through the gates of Troy, trojans are often disguised as legitimate software in order to avoid detection or trick users into installing the trojan onto their system. Users can be exposed to trojans through numerous vectors, such as clicking on links or opening attachments in phishing emails, other forms of social engineering, malicious advertising (malvertisting), or by visiting compromised websites, known as drive-by downloads. Once a trojan executes, it often downloads other malware onto the system or provides an attacker with a backdoor to gain access and conduct further malicious activity, such as stealing, deleting, or modifying data.
Trojans typically seek to perform one or more of the following activities:
- Damage: Trojans can wreak havoc on a computer system by forcing it to slow down or completely crash, corrupting data, reformatting discs, or encrypting data (see ransomware).
- Control: Trojans used to enlist a computer or server into a botnet.
- Spying: Trojans are used to access files, log keystrokes, watch the user’s screen, access and enable the webcam or microphone.
- Theft: Trojans are used to steal personal, medical, or financial information that is then sold on the dark web or used to commit identity theft or fraud. Attackers can also use compromised financial information to transfer funds electronically.
- Ransom: Trojans can serve as ransomware, encrypting files or locking down a system until a ransom is paid by the victim.
How Do Trojans Work?
- Installation: A trojan is typically introduced onto a system after a user-initiated action, either through social engineering, web-browsing, or use of file-sharing or peer-to-peer networks.
- Command and Control: Once a victim unknowingly allows a trojan onto their machine, it connects to the malicious server to receive instructions from the attacker.
- Download: Trojans will often load additional malware onto the compromised system, such as keyloggers, remote administration tools, or ransomware.
- Objective: Once the attacker has installed the right tools or established the access they need, they can copy, delete, and modify data, cause damage to the compromised device, or maintain control over the system for other malicious purposes.
Known trojan Variants
The below list is not exhaustive and is meant to provide an overview of the most prevalent trojans impacting world victims. This page is updated regularly with new information.
Lost Door RAT
Defending against Trojans
Following basic best practices will decrease your chances of being compromised by a trojan:
- Use a reputable antivirus program and set to update automatically
- Run antivirus scans as frequent as possible
- Ensure your firewall is enabled
- Only download software and files from legitimate sources
- Scan all files and programs before installing them
- Update your operating system and all software as soon as updates become available
- Require administrative permission to install new apps and programs
- Never open email attachments or links in suspicious emails
- Avoid clicking online ads or pop-ups
- Avoid illegitimate or suspicious websites and file-sharing services
If your organization is the victim of a trojan attack, or would like to learn more about the NJCCIC, please contact a Cyber Security Expert at firstname.lastname@example.org.