In The Aeneid, the story of the Trojan War, a group of Greek soldiers hide inside a massive wooden horse as the rest of their army sails away. The Trojan army, thinking the horse to be a gift of surrender, brings the structure inside their high walls during the celebration.
Once inside, the Greek soldiers climb out for a devastating sneak attack.
Perhaps inspired by the legend, modern hackers have invented an incredibly devious form of malware delivery: The Trojan Horse.
In a Trojan horse attack, a criminal disguises malware as a legitimate piece of software (like a program or app) or even a harmless document (like a spreadsheet) to trick users into willingly installing it on their computer.
Though they’re designed to fool you, Trojans are relatively easy to spot and avoid if you know what to look for. Here’s our complete guide to staying safe from Trojan horse attacks.
How Do Trojans Work & Spread?
Hacking requires a lot of technical skill and know-how, in many cases.
Eventually, someone realized it might be easier to just manipulate people into installing malware directly onto their own computer.
That’s the goal of a Trojan, which refers specifically to the way a malware payload is delivered and is not a form of malware or a virus by itself.
Trojans can infect your computer and spread in a few different ways.
Email Attachments and Spam Messages
Have you ever received a bizarre looking email from a sender you don’t recognize that included a vaguely important-sounding attachment?
It might have said something like “Invoice,” “Overdue Bill,” or “Refund Check.”
These seemingly harmless email attachments are often Trojan horse attacks; meaning, if you download the document and open it, you’ll trigger the installation of dangerous malware on your device.
Freeware or Cracked Software
Another common way cybercriminals trick users into installing malware is by disguising it as a real piece of software.Freeware from unreputable Internet marketplaces can sometimes turn out to be malware, and so can “cracked” software — or free versions of software that normally cost money.
A drive-by download refers to a download onto your computer that you didn’t purposefully initiate.
This is a common form of malware distribution often seen on shady adult websites, software or media pirating sites, and the like. Just by visiting the site, your browser could trigger a download of malware with you even clicking anything.
Downloading files like movies or music over a torrenting service is risky business.
There’s no way of verifying the file on the other end, so one easy way for hackers to spread malware is to disguise it as a popular movie available for people to download for free.
Can Trojan Attacks Target Your Phone?
Smartphones aren’t safe from any malware, and they’re definitely not safe from Trojan attacks.
They work the same way on mobile phones as they do laptops or desktop computers — criminals will disguise malware as an app on some kind of unofficial or pirate app marketplace.
You won’t usually run into Trojans on official marketplaces like the iTunes App or Android stores. But when users go hunting in shady places for a free version of a paid app, they become more likely to unknowingly download malware onto their phone.
What Kinds of Malware Can Be Delivered with a Trojan?
Remember, a Trojan horse isn’t a specific kind of malware or virus. It simply refers to the delivery system hackers user to get malware onto your device.
The malware itself could be almost anything, but here are a few common kinds of malware often disguised via Trojan horse.
Spyware can be extraordinarily dangerous to have on your phone or computer.
Like the name suggests, spyware gathers your personal data and monitors your activity on the device. Information like your usernames and passwords, social security number, banking information, address, phone number, and more can be used to commit crimes or even sold on the black market.
Keylogger malware is a common threat, as it’s able to capture every keystroke you make and steal almost any sensitive information you enter into your device.
Ransomware, on the other hand, doesn’t bother with collecting any information about you. It simply gathers your most important data and then encrypts it so you can’t access it.
In order to receive the key to unlock your files, your prompted to pay a ransom — usually around a few hundred dollars.
If you don’t pay in time, all of your data will be deleted. Paying the ransom, however, is no guarantee you’ll get your files back.
Zombieware isn’t as outwardly malicious as spyware and ransomware. It usually runs quietly in the background and turns your computer into a “zombie,” meaning the hacker can take control of it whenever he or she wants.
Zombieware is usually deployed on thousands or even millions of machines in order to create a botnet, or a large collection of computers at a cyber criminal’s disposal.
Tips to Stay Safe from Trojans
Here’s the good news: Trojan’s aren’t too difficult to avoid if you know what you’re doing and practice a few safe Internet behaviors.
Start doing these 3 things now and you’ll dramatically lower your odds of being successfully targeted by a Trojan horse.
Never Download Unfamiliar Email Attachments
If you get an email with a suspicious invoice, bill, refund, or other document attached, but you’re not sure what it is or who it’s from, don’t open it — even if it sounds important!
Most modern email providers are pretty good at filtering these spammy and malicious messages out of your inbox, but be extra diligent whenever you see an attachment you don’t recognize.
You can always compose a separate email to the sender (don’t Reply) asking for more context and clarification.
Avoid Unofficial Marketplaces for Software, Apps, and Media
Hackers love to disguise their malware as free goodies.
If you stumble upon a free version of an expensive program or new release movie, chances are it’s too good to be true. If the download isn’t malware, it’s probably at least loaded with adware.
Stick to paying for or downloading free stuff from trusted sources like iTunes, Amazon, and the Android store.
Install an Antivirus with Trojan Protection
Usually, the best antivirus programs will be able to sniff out malware in a hurry, even if it sneaks past your defenses.
Our favorites give extra Trojan and phishing protection in your email, scan all incoming downloads, and block any malicious programs from running or accessing your crucial data.
If you do fear you might have downloaded a Trojan horse, a scan with a powerful antivirus should have you fixed up quickly.
Trust No One
Hackers and cybercriminals are counting on you downloading their cleverly disguised Trojans in order to get their malware on your device.
The easiest way to avoid these attacks is to stay as skeptical as possible!
If you don’t recognize an attachment, don’t download it. If you think a download seems too good to be true, it probably is. And when it comes to shady and untrustworthy websites (in the gambling, piracy, or adult space), it’s best to keep your distance altogether.