What is a Trojan? (Trojan Horse)
- Rolando Ramos

- Nov 12
Updated: Dec 6
Threat Type: Trojan (Trojan Horse)
Threat Category: Malware-Based Threat
Cyber Threat Indicators
Trojan (Trojan Horse): A type of malware designed to deceive users by disguising itself as a legitimate, useful, or harmless program, file, or piece of code.
Core Characteristics
Deceptive Disguise: It appears to be a free game, a software update, a utility tool, a PDF document, or a seemingly innocent email attachment.
User-Driven Activation: It is non-self-replicating and non-self-executing. It requires the user to perform an explicit action (clicking an attachment, installing the program, etc.) to deliver its payload. This often involves social engineering.
Hidden Malicious Payload: Once executed, it performs the hidden, malicious task that the attacker designed it for, which can range from stealing data to creating a backdoor.
Common Examples
Backdoor Trojan: Creates a secret "backdoor" on the infected system, giving the attacker remote, unauthorized control over the device. This is often used to launch further attacks or steal data.
Banking Trojan: Specifically targets financial institutions and users. It aims to steal online banking credentials, credit card numbers, and other sensitive financial data. (Examples: Zeus/Zbot, Tiny Banker)
Downloader Trojan: A smaller Trojan used as an initial infection tool. Its only job is to download and install more complex or persistent malware (like ransomware or spyware) onto the already-infected system.
Ransom Trojan: Encrypts the user's files or locks access to the system, demanding a ransom payment in exchange for the decryption key or unlocking the device. (Example: CryptoLocker)
Infostealer Trojan: Designed to steal specific types of sensitive data from a system, such as passwords, email addresses, browser history, or documents.
DDoS Trojan: Converts the infected computer into a "zombie" or "bot," which is then used as part of a large network (a botnet) to launch a Distributed Denial of Service (DDoS) attack against a target server or website.
Trojan attackers rely heavily on social engineering to trick the user into executing the file.
Common Attack Tactics (Delivery Methods)
Phishing Emails: An email that appears to be from a legitimate source (a bank, a delivery company, or a coworker) and urges the user to open an attached file (e.g., an "invoice," a "shipping document," or a "password-protected zip") that contains the Trojan.
Bundled/Cracked Software: The Trojan is hidden inside illegal copies of software, games, or media (pirated downloads) that users download from torrent sites or untrusted sources.
Fake Updates/Codecs: A user visits a malicious website and is prompted by a pop-up to download a "critical update" or a "missing video codec" to view content, which is actually the Trojan.
Malicious Websites and Ads (Malvertising): Compromised or malicious websites may prompt an infected file download or use a drive-by download (a download that begins without the user's knowledge) to infect the system.
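As an added example (not part of the original article), the Python code below triages email attachments for the disguises described above: a document-like double extension, executable content behind a document name, and password-protected zip entries that a scanner cannot open. The extension sets, function names and sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email.message import EmailMessage

# Illustrative, non-exhaustive extension sets (assumptions of this example).
RUNNABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
DOCLIKE = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def check_name_and_magic(name, head):
    """Compare what a file claims to be (its name) with what it is (first bytes)."""
    parts = name.lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    reasons = []
    if ext in RUNNABLE:
        reasons.append(f"double extension {inner}{ext}" if inner in DOCLIKE
                       else f"runnable extension {ext}")
    if head[:2] == b"MZ" and ext in DOCLIKE:  # MZ = Windows executable header
        reasons.append(f"executable content named {ext}")
    return reasons

def triage_attachment(name, data):
    reasons = check_name_and_magic(name, data[:8])
    if data[:4] == b"PK\x03\x04":  # ZIP local file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # general-purpose bit 0: encrypted
                        reasons.append("encrypted archive entry, cannot be scanned")
                        break
                    with zf.open(info) as member:  # read only the leading bytes
                        reasons += [f"{info.filename}: {r}" for r in
                                    check_name_and_magic(info.filename, member.read(8))]
        except zipfile.BadZipFile:
            reasons.append("malformed zip")
    return reasons

def triage_message(msg):
    return {p.get_filename(): triage_attachment(p.get_filename() or "", p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def build_sample_message():
    """Constructed sample: one disguised attachment and one ordinary PDF."""
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for name, data in [("invoice.pdf.exe", b"MZ\x90\x00 constructed bytes"),
                       ("shipping_document.pdf", b"%PDF-1.7 constructed bytes")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg
```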
---
VIIEGO the human security agency for human security research and consulting in identity manipulation and fraud prevention to decode human behavior and secure your identity.
www.viiego.com | Protect What's Yours.
