How Does a Trojan Horse Work?
Trojan horses wrap malicious functionality in a seemingly benign package. Depending on the level of sophistication of the program, the malware may actually perform the benign function — making it more difficult for the victim to catch on to the attack — or may be designed only to get the victim to execute it.
The trojan malware may be created wholly by the malware author or be a modified version of the legitimate program. In the second case, the attacker adds the malicious functionality, leaving the rest of the program unchanged and able to perform its original function.
The Threat of Trojan Horse Viruses
The term “Trojan Horse” covers many different types of malware because it refers only to the delivery method: malicious functionality built into a seemingly legitimate program. Various types of malicious functions can be integrated into a trojan horse, and the impact of an infection depends on which functions are included.
Types of Trojan Horse Viruses
Trojan horses can perform various malicious functions. Some common types of trojan horses include:
- Remote Access Trojan (RAT): A RAT is a trojan horse that is designed to gain access to a target system and provide the attacker with the ability to remotely control it. RATs are often built as modular malware, allowing other functionality or malware to be downloaded and deployed as needed.
- Mobile Trojan: Mobile trojans are trojan malware that target mobile devices. Often, these are malicious mobile apps that appear in app stores and pretend to be well-known or desirable software.
- Spyware: Spyware is malware that is designed to collect information about the users of an infected computer. This could provide access to an online account, be used in fraud, or help target advertising to a particular user.
- Banking Trojans: Banking trojans are malware designed to steal the login credentials of users’ online bank accounts. With this information, an attacker can steal money from the accounts or use this information for identity theft.
- Backdoor: A backdoor provides access to an infected computer while bypassing the traditional authentication system. Like a RAT, backdoors allow the attacker to remotely control an infected computer without needing the credentials of a legitimate user account.
- Botnet Malware: Botnets are collections of infected computers that attackers use to perform automated attacks. Trojan horse malware is one of the methods by which an attacker can gain access to a computer to include it within a botnet.
- DDoS Trojan: DDoS trojans are a particular type of botnet malware. After gaining access to and control over the infected machine, the attacker uses it to perform DDoS attacks against other computers.
- Downloaders/Droppers: Trojan horses are well suited to gaining initial access to a computer. Droppers and downloaders are malware that gains a foothold on a system and then installs and executes other malware to carry out the attacker’s goals.
How To Protect Against Trojan Viruses
Trojan horses can infect an organization’s systems in various ways, requiring a comprehensive security strategy. Some best practices for protecting against trojans include:
- Endpoint Security Solutions: Endpoint security solutions can identify known trojan horse malware and detect zero-day threats based on their behavior on a device. Deploying a modern endpoint security solution can dramatically reduce the threat of this malware.
- Anti-Phishing Protection: Phishing is one of the leading methods by which cybercriminals deliver malware to a device and trick users into executing it. Phishing prevention solutions can identify and block messages carrying trojan malware from reaching users’ inboxes.
- Mobile Device Management (MDM): Mobile trojans are malicious apps that are often sideloaded onto a device from unofficial app stores. MDM solutions that check mobile apps for malicious functionality and restrict which apps can be installed on a device can help prevent mobile malware infections.
- Secure Web Browsing: Trojan malware commonly masquerades as a legitimate and desirable program to get users to download and execute it from a webpage. Secure web browsing solutions that inspect files before allowing them to be downloaded and executed can block these attacks.
- Security Awareness Training: Trojan horses often come with a promise that “seems too good to be true”, such as a free version of desirable software. User security awareness training can help employees to understand that anything that seems too good to be true is probably malware.
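As an added illustration of the file inspection described under Secure Web Browsing (example code written for this page, not Check Point's or any product's implementation): a trojanized copy of a legitimate program keeps its original behavior, but its bytes no longer hash to the value the vendor published. The sketch also goes one step beyond the text by blocking executable content delivered under a non-executable file extension. The manifest, the sample bytes and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample bytes: a stand-in for a vendor's installer, and a
# copy of it with extra bytes appended (a modified build).
GENUINE = b"MZ" + b"\x90" * 64 + b"installer-v1.0"
MODIFIED = GENUINE + b"extra-section"

# Hypothetical manifest: file name -> SHA-256 the vendor published
# over a separate, trusted channel.
PUBLISHED_SHA256 = {"setup.exe": hashlib.sha256(GENUINE).hexdigest()}

# Leading magic bytes of native executable formats.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "Linux ELF"}
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}


def detect_executable(data):
    """Return the executable format name if data starts with known magic."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def inspect_download(filename, data):
    """Return (verdict, reason) for a downloaded file before it is run."""
    name = filename.lower()
    ext = os.path.splitext(name)[1]
    fmt = detect_executable(data)

    # Executable content behind a document-style extension is masquerading.
    if fmt and ext not in EXECUTABLE_EXTENSIONS:
        return "block", f"{fmt} content behind '{ext}' extension"

    # A modified build of a known program fails the published digest.
    expected = PUBLISHED_SHA256.get(name)
    if expected is not None:
        actual = hashlib.sha256(data).hexdigest()
        if hmac.compare_digest(actual, expected):
            return "allow", "matches published digest"
        return "block", "digest differs from published value"

    # Unknown executables are held for further analysis, not run.
    if fmt:
        return "quarantine", "executable with no published digest"
    return "allow", "no executable content detected"
```

A digest match only proves the file is the one the vendor published; it says nothing about programs absent from the manifest, which is why unknown executables are quarantined rather than allowed.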
Prevent Trojan Horse Infections with Check Point
Trojan horses are a common type of malware, but they are one of several cyber threats that companies face. For more information about the current cyber threat landscape, check out Check Point’s 2022 Cyber Security Report.
Check Point Harmony Endpoint provides comprehensive threat prevention against trojans and other types of malware. To see Harmony Endpoint in action, feel free to sign up for a free demo today.