nordpass logo

What Is a Trojan Horse Virus? Detection, Examples, and Remedies

Lukas Grigas
Cybersecurity Content Writer

A Trojan horse virus steals your sensitive data, deploys malware, and can crash your entire system. It’s so insidious it implants itself innocently in what appears to be a normal file. Here's how to tell if your downloads are harboring a secret trojan designed to wreak havoc on your device.

What is a Trojan horse virus?

Nicknamed after the wooden horse used by ancient Greeks to sneak soldiers into the city of Troy, the Trojan horse virus hides in a regular download file. For example, a user may download an email attachment, and unwittingly transfer the trojan into their system. From banker trojans to remote access trojans – each Trojan horse is stealthily designed to perform different crimes. Still, their chief goals are to take control of your device, weaken your system or network, and ultimately steal your information.

How do trojans work?

Because trojans — unlike viruses — don’t self-replicate, they work by imitating legitimate files with the intention of tricking unsuspecting users into downloading, installing, and running the malware. Often, trojans spread via email disguised as trustworthy file attachments. Bad actors also use social engineering techniques to spread trojans. The malware can be hidden behind pop-up ads, banners, or links of suspicious websites.

Once the trojan is downloaded and installed on a system, it immediately starts doing the dirty work. The damage that a trojan can cause depends on its developer’s intentions. However, most trojans share similar functionality and can:

  • Delete your files.

  • Modify data on the affected device.

  • Steal your personal data.

  • Install additional malware.

  • Negatively affect your device’s performance.

Can trojans infect mobile devices?

In the past, bad actors focused their efforts primarily on computers. Times have changed, and today our cellphones are loaded with precious data: credit card details, passwords, personally identifiable information, messages, access to social media, and other pieces of information that cybercrooks drool over. Naturally, bad actors adapted trojans for modern-day cell phones as well as tablets. The functionality of a trojan designed for an Android device or iOS one does not differ all that much from trojans made for computers.

Types of Trojan horse viruses

Downloader trojan

After this trojan infects your computer, it rapidly multiplies itself, downloading and installing new versions of trojans and malware onto your system.

Backdoor trojan

This sneaky trojan creates a backdoor on your computer for an attacker to access and control your device. The aim is to steal your data or install more malware onto your device to weaken your system security even more.

Mailfinder trojan

This mail-crunching trojan scours your device, hunting for email addresses you've stored on your device.

DDoS attack trojan

The distributed denial-of-service trojan crashes your network by flooding it with traffic from infected computers.

Game-thief trojan

The sore losers’ favorite, this trojan seeks to steal the account information of online gamers.

Banker trojan

Hungry for numbers, the banker trojan is programmed to find and steal anything financial that you do online – including banking and credit card information.

SMS trojan

This trojan infects your phone, sending and intercepting text messages. A favored tactic is to text premium-rate numbers to skyrocket your phone bill.

Infostealer trojan

This general information-stealing trojan is not fussy. It'll infect and then scan your entire device for any information it can get its grubby hands on.

Ransom trojan

This trojan blocks or impairs your computer from functioning and then demands a ransom to undo it.

Exploit trojan

An exploit trojan takes advantage of security vulnerabilities within an operating system or an application.

Fake antivirus trojan

As the name suggests, a fake antivirus trojan masquerades as legitimate antivirus software and is designed to fool unsuspecting users into downloading and installing it. Usually such trojans work by detecting and removing actual antivirus software from the affected device and then start doing their dirty work.

Instant messaging (IM) trojan

This type of trojan spreads via popular messaging platforms. The aim of an instant messaging trojan is to steal sensitive data such as passwords and usernames.

Remote access trojan

Remote access trojans are purpose-built to provide their developers with remote access and full control of the affected machine.

Rootkit trojan

Rootkit trojans are created to stop malicious applications from being identified and removed from the infected devices.

Spy trojan

Spy trojans’ primary purpose is to spy on the affected device and collect data such as passwords, financial data, and credit card details.

Examples of a Trojan horse attack

The suspicious email

Imagine that you receive an email that includes a message from “Jessica.’ You don't know Jessica, but the subject line reads: “Urgent – I need to speak to you.” You decide to open the message only to find a hyperlink. You click on the hyperlink and, whether it's curiosity or panic that got a hold of you, you've now unintentionally installed a Trojan horse onto your device.

The money-grabbing miner

Banking trojans like Rakhni have been causing chaos as early as 2013. Rakhni delivers a cryptojacker that lets criminals use your device to mine for cryptocurrency before spreading to other computers on the network. Once your device is infected with the trojan, the malware looks for folders associated with bitcoin and then runs a piece of ransomware that encrypts and essentially freezes your files. The attacker then demands a ransom payment within three days.

For context, it's worth noting that in 2014, the Tokyo-based MtGox exchange was closed after 850,000 bitcoins (worth half a billion US dollars at the time) disappeared from its virtual vaults. Last year, Binance confirmed the theft of $40 million in cryptocurrency from a single bitcoin hot wallet.

Zeus/Zbot

The Zeus trojan, also referred to as Zbot, was first discovered way back in 2007 when it was used to carry out an attack on the US Department of Transportation. With time, the Zeus trojan came to target financial institutions by employing such devious tactics as keylogging and form grabbing, which allowed bad actors to get their hands on sensitive data such as usernames and passwords.

Emotet

Emotet was first discovered in 2014. At the time, Emotet was used as a banking trojan. However, cybercrooks soon found another use — malware distribution. The trojan targeted businesses and individuals via phishing attacks and came to be known as one of the most dangerous malware strains ever designed.

Wirenet

Wirenet is one of the first cross-platform trojans designed to steal sensitive data from machines that run Linux, macOS, as well as Windows. The trojan has backdoor functionality, which essentially means that the infection can get access to all the affected user’s sensitive data it wants.

How to detect a Trojan horse virus

Attackers will go to great lengths to deploy the perfect social engineering scam to get you to install the Trojan horse virus onto your system. It may start as a malicious attachment in an innocent-looking email, or your machine may already have weak points that a hacker will exploit for entry.

Generally speaking, a trojan will cause your entire device to malfunction and go haywire. Here are some symptoms of a Trojan horse virus to look out for:

  • The desktop screen has changed, and your taskbar has vanished.

    Changes to your computer's graphics are always a tell-tale sign of infection. Stay alert for random changes to your wallpaper, program icons, or desktop apps. Take notice if the screen color or resolution has changed; sometimes the entire screen will turn upside down and malfunction for no reason at all. A Trojan horse infection will also cause your taskbar to vanish altogether.

  • Your antivirus software becomes disabled.

    A Trojan horse virus can disable your antivirus software and restrict access to it. That makes it harder for you to defend yourself against the trojan, which is already eating through your system.

  • Pop-ups keep popping up.

    If you suddenly have lots of annoying pop-up adverts, you can assume that you have some type of malware infection. The reason you're getting these is that they're loaded with malware. If you accidentally click on them, they could download even more malicious malware onto your device.

  • Your device is having performance issues.

    Malicious applications, be it a trojan or other type of malware, have the tendency to slow down the affected device. So if you have noticed that your computer or a mobile device is performing slower than usual, it might indicate the presence of a trojan. Here’s a quick way that you can check your computer’s performance and whether there’s something unusual running in the background.

    On Windows 10:

    1. Hit Ctrl+Alt+Del simultaneously.

    2. Select Task Manager.

    3. Scroll down to Background Processes.

    4. Find which processes are using up your CPU, memory, and disk space.

    On Macs:

    1. Open the Spotlight by hitting Command+Space simultaneously.

    2. Type in “activity monitor.”

    3. Check which apps are using up resources under “% CPU.”

What to do if you get a Trojan horse virus

  1. Identify the trojan

    If you're vigilant enough to recognize the specific file infected with the trojan, you can quickly identify it. Your system may give you a DDL error, which is almost always associated with a trojan attack. You can then copy the error and find out about the affected .exe file online.

  2. Disable system restore

    Assuming you delete the infected files, you'll want to disable system restore, or the deleted files will automatically get restored.

  3. Restart your device in safe mode

    When you restart, press F8 and select safe mode to start your computer. Safe mode stops third-party apps from running, and that includes malware. You can then open your application manager and delete infected apps or disable the procedures associated with the trojan virus.

Easy steps for prevention

  1. Never open an attachment in an email from someone you don’t know. If the subject reads: “bill overdue” or “urgent action required,” and you recognize the sender – call them directly to confirm their identity.

  2. Install a trojan antivirus on your computer. It’ll give you extra trojan and phishing protection by scanning your email and incoming downloads. It will also block malicious programs from accessing your crucial data.

  3. Keep all software and apps on your device up to date with the latest security patches.

  4. Avoid unofficial marketplaces for software, apps, and media. Free versions of programs or the latest movies can be loaded with malware and adware. Instead, stick to paying or downloading from trusted sources like iTunes, Amazon, and the Android store.

  5. Protect your online accounts with complex and unique passwords. While strong passwords might not protect your devices from getting infected with a Trojan horse, they will improve your chances of withstanding a cyberattack. Password managers are great tools for coming up with strong passwords and storing them in a single secure place, where you can access them at your convenience.

  6. Back up your data regularly. If your device becomes infected with a Trojan horse, a backup of your data will minimize the potential damage significantly.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.