What is a trojan?
A trojan is malware that disguises itself as a legitimate program or file so it can infiltrate your computer and perform malicious actions. Attackers use social engineering tactics, tricking you into downloading or opening the infected file. Once inside, the trojan steals sensitive information, damages files, or gives attackers remote control of your system.
Many people ask, “Is a trojan a virus?” because trojans appear similar to viruses and are commonly referred to as “trojan viruses” and “trojan horse viruses.” However, a trojan is not a virus because it cannot execute or replicate itself. The user must run the trojan and grant it system permissions for it to activate.
How does a trojan work?
Trojans usually follow a predictable attack pattern that unfolds in three stages.
- 1. Infection: Trojans are disguised as legitimate software or arrive through phishing emails and malicious websites.
- 2. Activation: Once installed, the trojan’s hidden payload activates. This malicious code can steal passwords, encrypt files for ransom, or install keyloggers that record everything you type.
- 3. Exploitation: Many trojans establish backdoor connections to cybercriminals, allowing hackers to remotely control your device, download additional malware, or use your computer in larger attack networks.
Types of trojans
Trojans come in many forms, each designed to carry out different malicious tasks. Let’s take a look at the most common types of trojans and how they work:
- Backdoor trojans access your computer and allow hackers to execute commands, spy on your data, and perform other malicious actions.
- Banking trojans have a multifaceted approach. Hackers create fake websites while impersonating well-known banking institutions and use keyloggers to steal credentials, such as passwords, credit card details, and authentication information. Common types of banking trojans include Zeus malware and Emotet malware.
- DDoS trojans infect devices to recruit them into botnets that launch distributed denial-of-service attacks.
- Fake antivirus trojans are disguised as legitimate security software. They then cause panic by claiming your system is infected, pushing you to pay for additional features to “solve” the problem.
- Ransom trojans encrypt your data and hold it for ransom, like Locky ransomware. Ransomware often targets healthcare institutions because they’re more likely to pay hackers to get their systems to work again.
- Exploit trojans attempt to exploit an application’s or computer system’s vulnerabilities. Hackers will create phishing attacks and use a program to exploit known vulnerabilities.
- Trojan SMS can send text messages to premium rate numbers and intercept your communications. They may cause less trouble than other types of trojans but can still cost victims a lot.
- GameThief trojans attempt to steal credentials for online gaming accounts, which are in high demand on the dark web.
- Mailfinder trojans can extract email addresses from a victim's device and send them to a hacker, who can use them to plan other attacks.
- Trojan-spy is spyware built to spy on victims for various purposes, such as stealing sensitive data or gathering intelligence.
- Instant messaging (IM) trojans focus on stealing logins and passwords for IM services. Hackers may target messaging platforms like MSN Messenger, AOL Instant Messenger, and Yahoo Pager.
- A remote access trojan is like a backdoor trojan: it allows the hacker to control a victim’s computer completely. Hackers access the device via a remote network connection and can steal information or spy on the victim.
- SUNBURST is a trojan used on the SolarWinds Orion Platform. Victims' accounts were exposed by a trojanized version of a real, digitally signed SolarWinds file named SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized file is a backdoor: once on a target device, it stays dormant for two weeks and then retrieves commands to steal information and stop system services.
The table below outlines common trojan types, their typical behavior, and well-known examples associated with each.
| Trojan type | Purpose | Example |
|---|---|---|
| Backdoor trojan | Gains remote access to control your system, spy on data, and allow other malware in | Poison Ivy, njRAT |
| Banking trojan | Steals banking credentials via fake sites and keyloggers | Zeus, Emotet |
| DDoS trojan | Recruits infected devices to launch distributed denial-of-service attacks | BlackEnergy |
| Fake antivirus trojan | Pretends to be antivirus software, tricks users into paying for fake cleanup | FakeAV, Antivirus 2009 |
| Ransom trojan | Encrypts data and demands ransom for decryption | Locky, WannaCry |
| Exploit trojan | Exploits system or app vulnerabilities through phishing and other attacks | Angler Exploit Kit |
| Trojan SMS | Sends texts to premium-rate numbers, intercepts communications | SLocker |
| GameThief trojan | Steals credentials for online gaming accounts | GameThief |
| Mailfinder trojan | Extracts email addresses for further attacks | — |
| Trojan-spy | Spies on users to steal sensitive data | SpyEye, DarkComet |
| Instant messaging trojan | Steals logins and passwords for IM platforms | IMTrojan |
| Remote access trojan | Allows full remote control over infected devices | Back Orifice, njRAT |
| SUNBURST | Backdoor trojan targeting SolarWinds Orion, steals info and disables services | SolarWinds.Orion.Core.BusinessLayer.dll |
How to detect a trojan
Trojans can be hard to detect. Still, certain warning signs may indicate your device has been infected:
- Your battery drains faster than usual.
- Applications take longer to load.
- Pop-ups keep showing up as you use the device.
- Your device uses more data/internet bandwidth than it should.
- You spot applications, files, or other items that you don’t recall downloading.
- Your phone bill is higher than usual.
How to remove a trojan
Trojans can infect all types of devices, from computers to mobile devices. Learn how to remove them from computers, iPhones, and Android devices.
How to remove a trojan from a computer
You can remove trojans from your computer using these steps:
- 1. Disconnect your computer from the internet so hackers can’t execute any more commands remotely. You should also shut down the device to stop the malware from spreading.
- 2. Restart your computer in safe mode, which allows you to find and delete the malware.
- 3. Check all the apps that run in the background and identify any you believe are malicious or that you don’t recognize.
- 4. Delete or uninstall anything you believe is suspicious. This step should remove the malware, but it may not solve the problem if the malicious software has spread.
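One way to approach step 3 on a Windows computer, shown as an added example that is not part of the original article: because a trojan disguises itself as a legitimate program, the script flags processes that use a well-known system name but run from the wrong folder, run from a user-writable folder, or are not on your own list of recognized apps. The `triage` function, the sample process snapshot, and the recognized-apps list are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Well-known Windows binaries and the only directory each should run from.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# Folders any user can write to; installed programs rarely run from here.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\downloads\\")


def triage(processes, recognized):
    """Return {pid: [reasons]} for processes that deserve a closer look."""
    findings = {}
    for proc in processes:
        path = PureWindowsPath(proc["exe"])
        name = path.name.lower()
        folder = str(path.parent).lower()
        reasons = []
        expected = EXPECTED_DIRS.get(name)
        # A system name in the wrong folder is a classic disguise.
        if expected and folder != expected:
            reasons.append(f"{name} normally runs from {expected}, not {folder}")
        if any(marker in str(path).lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("runs from a user-writable folder")
        # Anything that is neither a known system binary nor on your own list.
        if not expected and name not in recognized:
            reasons.append("not in your list of recognized apps")
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


# Constructed sample snapshot (not real data); user name and paths are made up.
SAMPLE = [
    {"pid": 812, "exe": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4120, "exe": r"C:\Users\alex\AppData\Local\Temp\svchost.exe"},
    {"pid": 5300, "exe": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"pid": 6044, "exe": r"C:\Users\alex\Downloads\invoice_viewer.exe"},
]
RECOGNIZED = {"firefox.exe"}  # apps you remember installing

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE, RECOGNIZED).items():
        print(pid, "; ".join(reasons))
```

A flagged process is a candidate for review in step 4, not proof of infection; legitimate installers and portable apps also run from download folders.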
How to remove a trojan from an iPhone
iOS trojans are rare and mostly occur on jailbroken devices, which is why it isn’t advisable to jailbreak an iOS device in the first place. Follow these steps to remove a trojan from an iPhone:
- 1. Restart your iPhone. This step may stop malicious activity in its tracks.
- 2. Delete suspicious apps. If you don’t recognize an app, it could be malicious. Removing any unknown applications is a simple way to reduce this threat.
- 3. Factory reset your phone. A factory reset restores an iPhone to its original condition, removing malware. Keep in mind that a factory reset erases all data and settings.
If you’d like to learn more, you can take a look at our article on how to remove malware from an iPhone.
How to remove a trojan from an Android device
While Android phones offer greater flexibility and customization, this openness can sometimes make them more vulnerable to malware compared to iPhones, which operate within a more tightly controlled ecosystem. If you suspect your Android device is infected with a trojan, follow these steps to remove it:
- 1. Turn off your phone. This step can stop malware from spreading and may prevent it from worsening on your device.
- 2. Power on the device in safe or emergency mode. When you’ve identified which application must be deleted, you can turn on the device in safe or emergency mode.
- 3. Use the device’s settings to pinpoint the malicious app. You can scroll through a list of apps on your Android device to find the infected download.
- 4. Remove the infected application. If you cannot remove the app, your phone may have been hijacked by ransomware. To get around this threat, you can go to the device’s security settings and update the phone’s device administrators to delete the app.
If you’d like to learn more, you can take a look at our article on how to remove malware from Android devices.
How to protect yourself from a trojan
A trojan typically originates from suspicious links and fake apps. If you want to ensure you’re protected from trojan malware, you can follow these tactics:
- Avoid clicking on and opening suspicious links.
- Only download apps from the official App Store.
- Use security software on all devices.
- Update software regularly.