A Trojan is a type of malware that allows remote access to a device without the user being aware of it. Trojans may have different goals depending on the type, ranging from freezing your computer and modifying or deleting data to collecting and sending information to a third party.
Its name comes from the mythical Trojan horse, which also describes its mode of action: deception and going unnoticed. The Trojan, camouflaged within a legitimate program or software, is installed unintentionally and without the user’s knowledge, creating a backdoor that allows the attacker to access all the information it has collected.
How does a Trojan act?
A Trojan usually has a friendly appearance so that the user does not become suspicious of it. It can be hidden in an email attachment, external storage devices, freeware or P2P programs.
What are the effects of a Trojan horse?
It isn’t easy to tell when a computer is under the influence of a Trojan. Here are some clues, but they are not always clear:
Network connections do not work properly, because the malware opens several “fake” sessions and steals Internet bandwidth, preventing Internet access or, at the very least, slowing it down.
The operating system crashes or restarts without warning.
Programs are executed without the user doing so, and if they are already running, they close unexpectedly.
Pop-ups appear with unusual messages.
The computer’s hard drive is running constantly, even when it is not being used, emitting a sound that gives it away. The same is true for the router, which may blink continuously. If this happens, it is possible that malicious activity is being performed on the router.
Unwanted tabs are opened in your Internet browser, tabs that you opened yourself are closed or unwanted search engines are used.
The installed antivirus is prevented from working, so it cannot combat malicious attacks.
Features of Trojans
When removing a Trojan from a computer, the first thing to know is its modus operandi. The most important types are:
Backdoors: give a hacker remote control of the infected computer, allowing them to perform any malicious action on it or with it. This is the most common way to link a group of computers to create a botnet (or zombie network).
Keylogger: installs different tools to capture the keystrokes the user makes on the keyboard. This allows it to collect all kinds of information, such as usernames, email addresses or bank account numbers, and even the respective passwords.
Rootkit: allows the cybercriminal to install programs to gain remote access to the device without the owner knowing about it. Rootkits are also able to hide other malware that can infect the device, as well as themselves.
Downloader: helps download and install more Trojans on the device, giving it the ability to cause a lot of harm, not only by adding more malware to the device, but also by automating its installation once the executable file is ready.
Botnets: accelerate the creation of what are called “zombie computers.” Combined with backdoors, they begin by controlling a large network of computers and then perform an attack.
How to delete a Trojan?
Removing a Trojan from a device is a complex process. Antivirus and antimalware tools can help detect it, using either the basic/free version or the paid version (typically more comprehensive). Once the scan is complete, existing threats are displayed (if any are found). The last step will be to remove them using one of several options available.
How can you protect yourself from a Trojan horse?
Once you know what a Trojan horse is, the types that exist and the damage it can cause, you have to know what steps to take to protect yourself. The first and most basic step is to have antivirus and antimalware software installed and running. Next, the operating system, browser and applications must always be up to date on all devices.
It is also recommended that you avoid opening attachments and documents in an email if the source is not fully trusted. This means that if you have any doubts about the file’s origin, it’s best to reject it. Similarly, security filters for emails and browsers should be activated to alert you when an anomaly is detected. Programs should also not be downloaded from unfamiliar websites (checking the URL and making sure it begins with “https” can help confirm whether it’s legitimate, though HTTPS by itself only means the connection is encrypted). Finally, apps should always be downloaded from the official sources (Google’s Play Store and Apple’s App Store) and verified by their developers.