Under Attack? Contact Us Start a Free Demo

What is a Trojan?


The term “Trojan” is typically derived from the ancient Greek story of Troy. Trojans work similarly to the wooden horse in the story, introducing something unexpected under disguise. Trojans are malware disguising themselves as a legitimate file to trick the victims into clicking, downloading, or installing the malicious software onto the machine. It generally infects files, systems, or memory by concealing its actual content so that the user thinks it is a harmless file. Once installed, a trojan can pose a range of threats and risks to the victim’s assets, data, and the infected networks.

Trojans were one of the first cyber-security threats emerging as computers became more common in business and personal use. The first Trojan, called “Animal,” was invented in 1975 by John Walker. Trojans are programmed to perform a wide variety of malicious tasks. Phishing and other types of social engineering are typical delivery mechanisms. They may damage a computer in various ways, from rooting around on the hard drive to steal data to recording keystrokes that may reveal personal information or account numbers, all the way to shutting down the computer at random or deleting the entire hard drive. It can also perform blocking data, change data, copying data, gain back door access and disrupt the performance of computers or computer networks, erase data, and steal data. Trojans can operate remotely, making it easier to infect hardware and networks that are not physically accessible. Malware keeps getting better and harder to detect.

How Do Trojans work?

These days, trojans typically spread through legitimate-looking emails and files attached to emails, which are sent through spam to reach the inboxes of as many people as possible. The trojan will execute the hacker’s desired action once the email is opened and the malicious attachment is downloaded and executed. It can be either infecting the files, encrypting the file systems, providing access of the machine to the threat actor, automatically connecting to the C2C server every time the device turns on, etc. A Trojan can also be installed on a device through social engineering techniques, which criminals use to persuade people to download the malicious application. These social engineering techniques can hide malicious files in banner ads, pop-ups, or website links. For example, a user might receive an email that appears to come from a legitimate source. The malicious attachment in the email seems to be genuine. Many people would not hesitate to click on the link or attachment in the emails since they appear to come from a trusted source. As a result, once the link or attachment is clicked, a trojan will be downloaded on the device and infect the device.

Trojan vs. Virus

Trojan, unlike computer viruses, cannot manifest and propagate themselves without the help of human intervention. Therefore, the user must download and execute the malicious trojan application to trigger the infection. Essentially, the executable (.exe) file and the program need to be installed for the trojan to infect the device. The infection and damage can vary depending on the type of trojan and its design, whether the malware deletes itself, returns to dormancy, exfiltrates to C2C, or remains active on the device and waits for instructions.

Types of Trojans

Cybercriminals use trojans to trick the victims and accomplish malicious motives. These trojans are evolved, and the following are some of the various types of trojan categories:

Examples of Trojans/Trojan Attacks

Trojans were responsible for damaging computers, stealing user data, and causing disaster to the victim organizations. A few well-known examples of trojans and trojan attacks are as follows:

  • Emotet is considered the most famous trojan recognized by the U.S. Department of Homeland Security. Emotet is used to steal financial information, such as bank logins and cryptocurrency.
  • Zeus is a trojan toolkit targeting financial services and enabling hackers to construct their malware. The source code uses form-grabbing and keystroke logging to obtain user credentials and financial information.
  • Wirenet is a phishing trojan that targets Linux and OSX users, many of whom switch from Windows due to perceived security vulnerabilities.
  • Rakhni is a trojan horse that distributes ransomware and cryptojackers, enabling attackers to use the devices to mine cryptocurrency and infect computers.
  • Tiny Banker trojan enables hackers to access the financial details of users. It was discovered when it infected at least 20 banks in the United States.
  • Sunburst trojan has been detected on several SolarWinds Orion platforms. trojanized versions of the legitimate SolarWinds Orion.Core.BusinessLayer.dll were installed across millions of servers and compromised hundreds of organizations across the globe. After two weeks of dormancy, this trojan retrieves commands to use to transfer, execute, perform surveillance, reboot, and stop system services. This sunburst attack is considered the biggest cyberattack, infecting most companies globally.

How to Prevent Trojan Infection

Trojans can look like any benign and legitimate program. However, you can prevent the Trojan infection through various measures:

  • Do not click or download applications or files from untrusted sources
  • When you receive an email with attachments from unknown sources that look like a receipt, invoice, or any urgency in the text, never click on such emails.
  • It is not advisable to visit suspicious websites.
  • Do not download unpatched software.
  • Download software from original websites.
  • Do not download and install cracked versions of the legitimate software.
  • If possible, validate the hash values of the applications from the source website.

How to Detect Trojans?

Cyber security threats and ransomware attacks are increasing at a tremendous pace. It is extremely difficult for cyber security analysts and incident responders to investigate and detect cyber security threats using conventional tools and techniques. NetSecurity’s ThreatResponder, with its diverse capabilities, can help your team detect the most advanced cyber threats, including APTs, zero-day attacks, trojan, and ransomware attacks. It can also help automate incident response actions across millions of endpoints, making it easy, fast, and hassle-free.

Want to try our ThreatResponder, cutting-edge Endpoint Detection & Response (EDR) security solution in action? Click on the below button to request a free demo of our NetSecurity’s ThreatResponderplatform.


The page’s content shall be deemed proprietary and privileged information of NETSECURITY CORPORATION. It shall be noted that NETSECURITY CORPORATION copyrights the contents of this page. Any violation/misuse/unauthorized use of this content “as is” or “modified” shall be considered illegal and subjected to articles and provisions that have been stipulated in the General Data Protection Regulation (GDPR) and Personal Data Protection Law (PDPL).