What is a Trojan Horse attack and how to prevent it?

Read time 5 mins

Written February 2021


When Virgil wrote his epic poem The Aeneid between 29 and 19 BC, little did he know that his work would echo through the ages. One section of the Latin masterpiece that has stood the test of time more than any other is the story of the Trojan horse: the Greek army’s cunning plan to enter the walled city of Troy using subterfuge. Instead of attacking the city’s walls, they appeared to sail away, leaving behind a giant wooden horse as a token of surrender. Drunk on victory, the Trojans wheeled the horse inside the city, only to discover their enemy was hidden inside the whole time – before meeting a sticky end.

Fast-forward over 2,000 years, and Trojan horse attacks are more common than ever, just in a Cyber world instead of a physical structure. Like its namesake, the modern incarnation – “Trojans” for short – uses deception. Only now, the perpetrators – Cybercriminals – have replaced swords, shields and wooden horses with social engineering, as they attempt to trick unsuspecting users into running seemingly benign computer programmes that hide malicious ulterior motives. Rather than trying to ransack a city, they are attempting to damage, disrupt, steal, or inflict harmful action on your network and systems.

What is a Trojan?

Today a Trojan horse attack can be defined as: “a programme downloaded and installed on a device that appears harmless, but is, in fact, malicious.”

People often assume a Trojan is a virus or a worm, but it’s neither. Unlike viruses, Trojans don’t self-replicate by infecting other files or computers. Instead, a Trojan is the decoy, ushering in the malicious software (malware), which is disguised to hide its nefarious intent. Therefore, “Trojan” is essentially an overarching term for the delivery strategy hackers use to unleash a particular threat – either acting as a bit of standalone malware or as a tool for other activities.

Cybercriminals have various Trojans at their disposal, depending on their intent. Once inside your networks or systems, they can perform destructive actions before you even know they are there. Some will lay dormant on your computer, waiting for further instructions from the attacker; others begin their malicious activity straightaway.

Cybercriminals can use Trojans to transfer malware onto a device, so they can:

  • Log keyboard strokes to compromise the victim’s account data.
  • Install spyware that conceals itself while it steals valuable information like personal and financial data.
  • Install ransomware to encrypt the victim’s data or block their device before extorting money for the decryption key.
  • Activate the device’s camera and recording capabilities.
  • Render the device a zombie, so it can be used to perform malicious tasks under remote direction.


Trojan infection methods

Trojans have many faces, meaning they can look like something legitimate that you need: free software, music, browser advertisements, apps – the list is endless, and user behaviour plays a big part in Trojan infections, including:

  • Downloading cracked applications
  • Downloading unknown free programmes
  • Opening infected attachments
  • Visiting suspicious websites
  • Using corrupted chat functions

Types of Trojans

Trojans can be classified according to the type of malicious actions they perform on your computer:

  • Backdoor Trojans: allow attackers to remotely access and control a computer, often to upload, download, or execute files.
  • Exploit Trojans: deliberately inject a device with code designed to take advantage of a weakness inherent to a specific piece of software.
  • Rootkit Trojans: these prevent the discovery of malware already infecting a system so it can cause maximum damage.
  • Banker Trojans: specifically targets personal information used for banking and other online transactions.
  • Distributed Denial of Service (DDoS) Trojans: execute DDoS attacks, whereby a network or device is disabled by a flood of requests originating from multiple sources.
  • Downloader Trojans: These are written files to download additional malware – often including more Trojans – onto a device.

How Trojans impact mobile devices

Laptops and desktop computers are not the only devices at risk from Trojans. They can also be used to attack mobile devices – such as smartphones and tablets – with tailored malware. These Trojans typically masquerade as legitimate apps on unofficial and pirate markets, enticing users to download them before infecting the device with ads and keyloggers.

Examples of Trojans that are used to target mobile devices include:

  • Switcher Trojans: this delivery strategy allows attackers to redirect traffic on these Wi-Fi connected devices and use them to commit Cybercrimes.
  • SMS or Dialler Trojans: these infect mobile devices and can send or intercept text messages.


How to prevent a Trojan

A comprehensive digital security strategy should include proactive security controls and end-user vigilance – the latter is the first line of defence, considering a Trojans main weapon is their ability to deceive users into letting them into a device.

Here are some top technical and behavioural tips that will help prevent your business from falling foul of a Trojan attack:

  • Install – and update – anti-malware software that can recognise malicious code, isolate it, and remove it quickly and effectively.
  • Change the default Windows settings, so the real application extensions are always visible.
  • Set automatic updates for your operating system software to ensure you have the latest security updates.
  • Keep your applications updated, ensuring any security vulnerabilities are patched.
  • Ignore pop-up ads that attempt to entice users to click through.
  • Back up files regularly so they can be easily recovered.
  • Operate behind a firewall where possible.
  • Never open or download emails or attachments from unknown sources or that looks suspicious in any way.
  • Use complex, unique passwords or passphrases which are different for every service or website you use
  • Only install or download programmes from verified, trustworthy sources.


How to detect at Trojan

As we have already established, Trojans are a delivery strategy for different types of malware. Therefore, if you suspect a Trojan has breached your device, you should look for the typical signs of malicious software. Symptoms include:

  • Poor device performance: is your device running slowly or crashing?
  • Strange device behaviour: are programmes you didn’t initiate running on your device, or are other unexplained processes being executed?
  • Pop-up and spam interruptions: are the number of interruptions from browser pop-ups or email spam increasing?


How to remove a Trojan

Once a Trojan infects a device, clean it up and restore it to the desired state using an effective automated anti-malware tool and perform a full system scan.

Having detected a Trojan, you may also be able to remove it manually following these steps:

  • Stop system restore: if you overlook this step, then it will restore the files you erase.
  • Restart your device: select “Safe Mode” when restarting your device.
  • Remove programmes: remove all programmes affected by the Trojan.
  • Remove extensions: erase all programme files by removing them from the system folder.
  • Restart your device in “Normal Mode”.


Don’t make the same mistake the Trojans did all those years ago by letting your enemy in through the front door. Cybercriminals are masters at the art of deception, so stay one step ahead of them by taking proactive measures to prevent Trojan attacks against your business.

Discover our Cyber Security services and how we could help protect your business.

Get In Touch