What is a Trojan (horse)?
Trojan horse malware is a file, program, or piece of code that appears to be legitimate and safe, but is actually malware. Trojans are packaged and delivered inside legitimate software (hence their name), and they’re often designed to spy on victims or steal data. Many Trojans also download additional malware after you install them.
The Trojan gets its name from the Trojan Horse in the Greek epic poem The Iliad. In the story, the Greek hero Odysseus hatches a plan to construct a giant wooden horse that his enemies — the Trojans — would receive into their city as a gift. But within the belly of the horse hid a legion of soldiers, who emerged under cover of night to decimate the city of Troy from within.
Trojan malware works the same way — it pretends to be something harmless, but it’s just a cover for its real, malicious intent. To stay protected against trojans and other malware, download free antivirus software for Windows 10 or Windows 11.
How do Trojans work?
Trojans work by masquerading as legitimate files, with the goal of tricking victims into clicking, opening, or installing them. Once this happens, the Trojan begins installing malware on your device, spying on you, or causing other types of harm.
What the experts say
"Trojans are typically spread through social engineering techniques, such as phishing emails or infected file downloads. Once installed, Trojans grant attackers complete access to the victim's device, enabling them to execute various malicious activities."
For example, email Trojans will use social engineering techniques to mimic mundane email attachments. The email itself will also seem trustworthy, but it’s actually a fraudulent email sent by a cybercriminal. When you open the attachment, the Trojan activates and starts attacking your device. The deceit is a central part of the Trojan horse definition.
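One way a mail filter can flag attachments that mimic mundane files, shown as an added example (not code from the original article). The extension lists, function names, and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative subsets chosen for this example, not a complete blocklist.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".hta", ".jar"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
RTLO = "\u202e"  # right-to-left override: reverses how the rest of the name is displayed

def attachment_findings(raw_message: bytes):
    """Return [(filename, [reasons])] for attachments whose name hides what they are."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower().rstrip(". "))
        inner_ext = os.path.splitext(stem)[1]
        body = part.get_payload(decode=True) or b""
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension {ext}")
            if inner_ext in DECOY_EXTS:
                reasons.append(f"double extension: {inner_ext} shown before {ext}")
        elif body[:2] == b"MZ":  # DOS/PE header of a Windows executable
            reasons.append(f"Windows executable content named {ext or '(none)'}")
        if RTLO in name:
            reasons.append("right-to-left override in file name")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: two disguised attachments, one renamed binary, one clean PDF."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.com", "Invoice"
    m.set_content("Please find the invoice attached.")
    exe, pdf = b"MZ\x90\x00constructed", b"%PDF-1.4 constructed"
    for data, sub, fname in [(exe, "octet-stream", "invoice.pdf.exe"),
                             (exe, "octet-stream", "invoice\u202efdp.exe"),
                             (exe, "pdf", "scan.pdf"),
                             (pdf, "pdf", "report.pdf")]:
        m.add_attachment(data, maintype="application", subtype=sub, filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, reasons in attachment_findings(build_sample()):
        print(repr(fname), "->", "; ".join(reasons))
```

The clean `report.pdf` produces no finding, while `scan.pdf` is flagged only because its content starts with an executable header despite the document extension.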
Is a Trojan a virus or malware?
Trojans are not viruses, but they are a type of malware. People sometimes refer to “Trojan viruses” or “Trojan horse viruses,” but there’s no such thing. That’s due to one critical difference in how viruses and Trojans infect victims. While viruses self-replicate, spreading from one victim to the next, Trojans need you to install them.
That difference is what separates viruses from Trojan horse malware. Of course, viruses and Trojans are both kinds of malware.
How to recognize a Trojan attack
Trojan horse programs are sneaky, but if you know what to look for, you can recognize the signs of a Trojan attack and begin the process of Trojan removal. Here are the most common signs of a Trojan malware attack:
- Your computer feels slow
  Trojans often install additional malware that together can consume a large amount of computing resources. Remove the Trojan malware infection to speed up your PC or other device.
- Crashes and freezes
  Sometimes, Trojans may overwhelm your computer and cause crashes or other failures. The infamous Blue Screen of Death is always a cause for concern.
- Unfamiliar apps on your device
  Many Trojans install additional malware. If you notice anything unfamiliar in your Windows Task Manager or macOS Activity Monitor, look it up — it might be malware.
- Internet redirects
  Some Trojans change your DNS settings or manipulate your browser to redirect you to malicious sites that can harvest your data or infect you with additional malware.
- Changes to your desktop, taskbar, or browser
  As the Trojan installs new malware or makes other changes to your computer, you may see new icons on your desktop or in your taskbar. The same goes for browser toolbars or plugins that you didn’t install yourself — look out for these browser hijackers.
- More pop-ups
  Are you seeing more pop-ups than usual? A Trojan may have installed adware on your device.
- Your antivirus software is deactivated
  Trojans and other malware don’t want to be detected and removed — so they’ll try to turn off your antivirus software. Protect yourself against Trojans and other malware with a free antivirus solution that stops them before they can inflict harm.
Avast One automatically detects and blocks Trojans from infecting your devices. And it’ll clear out any infections currently on your machine. Protect yourself from Trojans and any other malware with Avast One, an award-winning antivirus tool.
Types of Trojan malware
Backdoor Trojans
Cybercriminals use backdoor Trojans to give themselves a “backdoor” into your device — a way to access your computer without your knowledge. This backdoor is often used to install more malware, spy on you and collect your data, or rope your computer into a botnet.
Banking Trojans
Banking Trojans infiltrate your devices and steal your financial login credentials. Hackers use them to crack your banking and other financial accounts. The Zeus Trojan — one of the most infamous Trojans to date — was a banking Trojan.
DDoS Trojans
DDoS Trojans aim to conscript your device into a botnet: a network of linked devices controlled remotely by a hacker known as a bot herder. They’ll use the botnet to carry out distributed denial of service (DDoS) attacks that shut down other websites and internet services.
Dropper or downloader Trojans
Droppers are the first stage in a blended threat — a three-part malware package that consists of a dropper, loader, and more malware (often a rootkit). The dropper Trojan infects your device and sets the stage for the loader, which in turn installs a rootkit that gives a hacker access to your device. Other downloader Trojans will install other types of malware.
Exploit Trojans
These devious Trojans use exploits — software tricks designed to leverage a known software or hardware vulnerability — to infect your device. Zero-day exploits target vulnerabilities that no one but the exploit creator has discovered yet.
Fake antivirus Trojans
A dangerous type of scareware, fake AV Trojans pretend to detect viruses and other malware on your device, then urge you to pay for security software — which is either useless or actively malicious. When you pay, the Trojan creator gets your payment details.
Gaming Trojans
Gaming Trojans target online gamers and steal their login info. Cybercriminals can use these to crack the accounts of high-profile players or steal valuable in-game items.
Infostealer Trojans
Data theft is the goal with infostealer Trojans. They’ll comb through your device for sensitive personal data, then send it back to the hacker who attacked you. Cybercriminals can use this data to commit fraud or identity theft.
Instant message Trojans
Targeting the instant message (IM) apps on your device, IM Trojans hijack your login credentials and help themselves to your contact list. Newer IM apps that use encryption like WhatsApp or Signal are less vulnerable than older services such as Skype or MSN Messenger — but malware is always evolving.
Mailfinder Trojans
Less of a danger in the era of webmail services like Gmail, mailfinder Trojans target email apps like Microsoft Office and plumb them for email addresses. Cybercriminals can add any plundered email addresses to their spamming or phishing attacks.
Ransomware Trojans
Ransomware is a type of malware that blocks your access to your data or device, then threatens to either publish, permanently withhold, or destroy the data unless you pay a ransom. Ransomware Trojans use deceit to trick victims into activating the ransomware.
SMS Trojans
SMS Trojans infect mobile devices, usually Android, and either send expensive SMS messages to premium services owned by the cybercriminal, or intercept messages coming to and from your phone.
Examples of Trojan horse attacks
Trojan horse malware has caused some of the most notorious cyberattacks in history. Here’s a look at several of the most well-known Trojans.
ZeuS
The ZeuS Trojan first appeared in 2007 in a data theft attack on the US Department of Transportation. Known mostly as a banking Trojan, ZeuS is commonly used to steal financial information through two browser-based techniques:
Spread largely via phishing emails and automatic drive-by downloads on infected websites, ZeuS eventually infected millions of computers — which is why it was used to create Gameover ZeuS, one of the most notorious botnets of all time.
Emotet
First detected in 2014, Emotet began as a banking Trojan. But after cybercriminals began using it to distribute other malware instead, Emotet made serious waves in cybersecurity.
Routinely hailed as one of the most damaging malware strains ever created, Emotet targeted corporate and individual victims alike through massive spam and phishing campaigns. The malware was used to create several botnets, which were then rented out on a malware-as-a-service (MaaS) model to other enterprising cybercriminals.
Emotet was finally disrupted in 2021 via a coordinated global law enforcement effort.
Shedun
Trojans aren’t just for Windows — Shedun is an Android adware Trojan horse that repackages legitimate Android apps with bogus adware, before rehosting them on third-party download portals. When you install the app from one of these sites, you get the adware along with it.
Once you install the infected app, you’re spammed with ads that generate revenue for the attacker. Removing the malware from your Android device is very difficult, and most victims opted to buy new devices instead. By 2016, Shedun was reported to have infected over 10 million Android devices.
Can Trojans affect mobile devices?
Trojans can affect mobile devices as well as desktop and laptop computers. Both Android and iOS have been affected by Trojan horse malware, though Android Trojans are far more common.
The GriftHorse Trojan is a recent Android SMS Trojan that signs victims up to premium messaging services to generate revenue for the attacker. So far, it’s impacted over 10 million victims worldwide. GriftHorse disguises itself as legitimate apps — the most popular of which has over 500,000 downloads alone.
In 2016, the AceDeceiver iOS Trojan was found to be able to attack non-jailbroken iOS devices. Three separate AceDeceiver apps made it through Apple’s internal review processes and were available for download on the official App Store. Learn how to remove malware from your iPhone so you’re ready if this happens to you.
How to remove Trojan malware
The best way to remove Trojan malware from any device is with specialized Trojan removal software. Removing Trojans is similar to removing viruses and other malware from your computer.
- Download Avast One, or other antivirus software from a trusted provider.
- Enter Safe Mode.
  Restart your PC in Safe Mode to prevent any malware from running or using the internet.
- Remove temporary files.
  Use the Disk Cleanup tool to remove temporary files. This will speed up the malware scan you’ll do next.
- Scan your PC for malware.
  Use your antivirus software to scan your PC for Trojans and other malware. Your software should detect the malware and remove it automatically.
- Recover damaged files or data.
  If you’ve been regularly backing up your computer, restore any damaged files or data from your backup.
How to prevent Trojan horse attacks
- Download apps and software from official sources.
  Trojans are often hosted on third-party app download sites. Get your software directly from the manufacturer or from official portals like the Apple App Store and Google Play — though these have been compromised by Trojans in the past, they’re much safer than other options.
- Don’t open unknown email attachments or click strange links.
  Fraudulent emails are a popular vector for spreading Trojans. Don’t click attachments or links in emails that you aren’t expecting to receive. Even if the email looks legit, it may be spoofed by a cybercriminal.
- Use an ad blocker or secure browser.
  Some Trojans spread through infected web ads. An ad blocker or private browser will prevent these and other ads from loading in your browser, preventing infected sites from giving you a Trojan.
  Avast Secure Browser is a highly secure browser that automatically blocks ads and protects you against malicious downloads.
- Be skeptical of free software.
  Trojan creators often disguise their Trojans as free games and other seemingly useful apps. If you’re about to install something new, research it first and read user reviews.
- Don’t click web banners or unfamiliar links.
  Not all drive-by downloads are handled via malvertising. Some malware creators develop websites that can automatically install Trojans and other malware onto your device as soon as you visit. Avoiding unknown sites reduces your risk of downloading a Trojan.
- Use an antivirus tool.
  A strong antivirus tool from a reputable provider will automatically keep Trojans off your device. Choose one that doubles as a malware removal tool that can detect and remove Trojans and other malware from your devices as well.
Defend against Trojans with comprehensive security
While there are many types of Trojan horse malware, they’re all designed to fool you into installing them. That’s why Trojans can be so hard to detect — they look like legitimate software.
The best way to protect yourself against Trojans is with reliable security software that can detect, block, and remove all kinds of malware and viruses automatically. That way, there’s no chance for the Trojan to trick you. Stay Trojan-free today with Avast One, an award-winning antivirus and cybersecurity solution that's 100% free.