Trojan

A quick guide to trojans - what they are, how they work and the consequences of a trojan infecting your computer or smartphone.

A trojan is a file or program that appears to be desirable or harmless, but secretly performs actions that are harmful to your device, data or privacy.

Much like the wooden horse of Greek mythology, a trojan is designed to be deceptive. They are usually carefully crafted to appear attractive or trustworthy. Many will even use the exact same colors, icons, designs and texts of legitimate programs to appear authentic.

Tricking the user

Trojans first and foremost rely on trickery or social engineering to lure users into unwittingly downloading or installing it. The authors of these trojans will often go to great lengths to make them look authentic, often disguising them as movie or music files, documents, games, product updates and so on.

Trojans are distributed in many ways - via websites, emails, through social media or file sharing networks, and even on removable media such as USB sticks. Their distribution also usually involve some sort of deception, such as promising a video or image if you click on a link, but then delivering the trojan instead.

Some trojans rely less on trickery and more on direct exploitation. These often target vulnerabilities in a program or device to forcibly download and install the trojan. These are just a few examples of how trojans are disguised and distributed:

  • Trojan:JS/Cryxos - A malicious script on a website displays a message that makes it appear as though your device is infected
  • Trojan:W97M/MaliciousMacro - A specially-crafted Microsoft Word document is circulated via email and when opened, silently downloads files from a remote server
  • Trojan-Downloader:OSX/Flashback - Early variants are disguised as fake Flash Player installers; later variants use an exploit to silently install themselves

Secret actions

If a trojan is installed onto a system, it is often very difficult for users to realize they are performing any harmful actions, as these are usually well camouflaged to keep the system from triggering any notification messages that might arouse the user's suspicions.

Most antivirus vendors will classify a trojan based on the specific type of action it silently performs. These are just a few of the types:

  • Downloader
    Contact a remote server and downloads other harmful programs from it
  • Dropper
    Contains one or more harmful components that it drops and installs
  • Spy
    Monitors activity on the device, or steals content from it
  • Password-stealer
    Steals passwords and other confidential details from the device
    • Banking trojan:  A specialized type of password-stealer, banking trojans monitor or intercept connections to online banking sites

Unmasking trojans

It can be very hard to tell the difference between a trojan and a legitimate program from just a cursory glance. This is why the recommended way to obtain programs is to download them yourselves from the the legitimate vendor's website, rather than from other, less reputable sources. You can also use reputable antimalware programs with a website security verification feature (such as Browsing Protection) to verify that the site itself is safe before downloading files from it.

If you receive an unknown file unexpectedly, even from a trusted contact, you can always ask the contact separately to confirm that the file is safe, just in case they had been unknowingly infected. You should also scan any new file or program before you run it with a reputable antimalware program (though you should first ensure that the antimalware program has the latest database updates).

One advantage mobile devices enjoy over their computer counterparts is that before any program can be installed, a notification message is displayed. The user has to manually click 'OK' before the file can be installed, which prevents a trojan from silently installing other harmful files on the device. User vigilance however is still strongly recommended.