Unlike viruses, Trojans do not self-replicate by infecting other files or computers. Rather, a Trojan is the decoy horse, ushering in other malicious software (malware), giftwrapped to hide its nefarious intent.
Trojans survive by going unnoticed. They may sit quietly in your computer, collecting information or setting up holes in your security, or they may just take over your computer and lock you out.
What is a Trojan?
Basically, a Trojan is a malicious program that pretends to be harmless in order to trick people into downloading it.
Trojans have the distinction of being one of the first pieces of malware to ever exist. Their name was coined all the way back in a US Air Force report from 1974, which listed all the hypothetical ways a computer system could be compromised. It wouldn’t stay in the hypothetical realm for long.
What the experts say
"Trojans are typically spread through social engineering techniques, such as phishing emails or infected file downloads. Once installed, Trojans grant attackers complete access to the victim's device, enabling them to execute various malicious activities." - Gen 2024 Threat Report
Ondrej Mokos
Malware Researcher
A mere one year later, the first “real” Trojan (although there is some debate if it counts) was discovered in the wild: a program called ANIMAL-PERVADE. This piece of code disguised itself as a game to get users to download it, and then secretly ushered in a self-replicating virus. A simple animal-themed guessing game, it made backups of itself on every drive the current user could access, taking great pains not to damage or overwrite anything in the process. It was harmless and easy to fix, but since it did not disclose the virus it contained, it qualified as a Trojan.
The Trojans that followed were not so innocent, and they quickly became one of the most popular kinds of malware attacks. This is especially true today, where “social engineering” (a type of threat that involves manipulating and lying over social channels) is one of the primary distribution methods for malware of all types.
What do Trojans do?
Because Trojans are so versatile and can go unnoticed, their popularity has exploded, making them the malware of choice for many online criminals.
Some of the common actions that Trojans take are:
Creating backdoors: Trojans typically make changes to your security system so that other malware or even a hacker can get in. This is usually the first step in creating a botnet.
Spying: Some Trojans are essentially spyware designed to wait until you access your online accounts or enter your credit card details, and then send your passwords and other data back to their master.
Turning your computer into a zombie: Sometimes, a hacker isn't interested in you, but just wants to use your computer as a slave in a network under their control (also known as botnet).
Sending costly SMS messages: Even smartphones get Trojans, and a common way for criminals to make money is by making your phone send costly SMS messages to premium numbers.
What does a Trojan look like?
Well, that’s just it: Trojans can look like just about anything. The computer game you downloaded from a strange website. The "free" MP3 by that band you secretly like. Even an advertisement might try to install something on your computer.
Some Trojans are specifically designed to trick you into using them. They can use misleading language or try to convince you they are a legitimate app. This is why it’s so important to watch out for unsafe websites and never download things carelessly.
How can I tell if I’m infected with a Trojan?
Unlike many kinds of malware, which make no pretense of being safe or friendly, Trojans can be a bit harder to identify at a glance.
Check your installed programs
Trojans, as we’ve discussed, will often open a backdoor to download other malware. So it can be worth your time to check your installed programs for anything you don’t remember installing. PC users can go to add or remove programs, and those with Macs can use the Finder feature. If you see anything you don’t recognize, it either means you have a Trojan, or a legitimate download installed an additional program behind your back. In either case, it’s good to get rid of it.
Check your startup software
Not all Trojans will show up in your add/remove program list. For a more comprehensive list (on Windows), hold the windows key and press R to bring up the run menu. From that menu, type “regedit” and click enter, and you’ll see a screen like this:
Click HKEY_CURRENT_USER, then expand the SOFTWARE folder. It will show you all the software you have installed — all of it. Google anything you don’t recognize, and if you’re suspicious, you can delete it.
Consider your performance
These days, most malware is smart enough to avoid crowding your desktop with pop-up ads as they did in yesteryear, but that doesn’t mean your computing performance won’t take a hit. In fact, with the rise of cryptomining, your computer is liable to run even slower if it’s got a nasty infection.
So if you notice things running slowly, either at startup or just during normal use, use Ctrl-Alt-Delete to pull up your task manager. Click on the Processes tab (it should be open by default) and see which programs are using up your CPU and RAM. Some software, like high-end games, will typically eat up most of your power. Most apps shouldn’t — so if you notice some weird software really chewing up your processing power, Google it and see if it’s actually a Trojan. If it is, remove it, and if it isn’t, you should probably remove it anyway.
Get an antivirus
It should be fairly obvious at this point, but the best way to identify malware — and to prevent infections in the first place — is with a strong, reliable antivirus like AVG AntiVirus FREE. It’s worth noting that Trojans are typically better than most malware at staying hidden because they put more effort into hunkering down and staying out of sight. By comparison, viruses use their energy to self-proliferate, making them more visible.
So if you’re worried that a stubborn Trojan is hiding on your device, you’ll want to run a boot-time scan, which takes place as a computer is starting up —leaving malware nowhere to hide. That’ll do the trick, and as luck would have it, AVG Free AntiVirus has a boot-time scan feature.
How can I avoid a Trojan infection?
The first and most obvious step is to get an antivirus, which will catch and stop most Trojans dead in their tracks. But as the human element is the weakest link in the cybersecurity chain, you’ll have to do your part as well if you want to stay completely safe.
Be wary of downloads
The first thing you’ll want to do is be cautious about anything you download online, and be aware of phishing attempts. Malware has been known to sneak onto the most secure marketplaces and past the most stringent anti-spam, and while it’s always inevitably caught, it’s usually able to snare a few people beforehand. So to avoid opening the gates and inviting doom the way Trojans do in the myth, look for the following warning signs:
-
Is it too good to be true?
-
Does it try to sound personal but lacks personal identifiers?
-
Did it come out of nowhere?
-
Was it sent from a public domain email address? (@yahoo.com, @gmail.com, etc)
-
Does it have an element of urgency?
-
Is anything odd or misspelled?
-
Are the links not HTTPS? Are they spelled wrong? Or do they have strange characters?
-
Does the file being offered have a weird extension? (e.g., a “document” being a ZIP file)
-
Are you downloading from a third party or third-party site?
-
Are there reviews? Are the good reviews suspicious or do they all sound too similar?
-
If it’s an app, was it released recently? Is it an app you have reason to believe would be around longer? (For example, was a banking app “released” just a few hours ago?)
If any of these are true, then there’s a good chance a hacker is trying to phish you. But that’s not the only way you can become infected with a Trojan.
Avoid pirated files and media
Despite what you might have heard, “piracy” is by no means the primary way hackers distribute malware. But that’s not to say that pirated software is close to safe. Anytime you download a file from a stranger (or even a friend) from a file-sharing site, there’s a good chance it’ll be malware, or have malware smuggled alongside it.
How do I get rid of a Trojan?
If you identified a Trojan using the methods detailed earlier, you can get rid of it manually by deleting the file or application. That won’t guarantee that it’s gone (it could exist by way of leftover files), but it’s a start. In fact, many types of malicious programs will try to put up a fight — read our guide on how to remove malware for more details.
If you can’t find the Trojan but still suspect you’re infected, recovering an old backup of your PC will get rid of it. Failing that, a factory reset is a good last-ditch effort. But of course, nothing beats an antivirus for speed and convenience. You can perform a normal scan, or if necessary, a boot-time scan to discover stubborn Trojans. Just make sure you have a robust antivirus like AVG AntiVirus FREE to do the dirty work for you.