And at night the belly of the horse opened, but it was too late… After a long siege, the Greeks finally managed to capture the city of Troy and put an end to the Trojan War. Thousands of years later, the Trojan Horse myth is still alive, albeit in an unflattering interpretation. The Greeks' sophisticated cunning and feat of engineering gave their name to a group of malicious digital tools whose sole purpose is to cause damage to victims' computers unnoticed. They do this by reading passwords, recording keystrokes, or downloading other malware that can even take over the entire computer. They can perform the following actions:
Disruption of computers and computer networks
Unlike computer viruses and worms, Trojan programs are not capable of self-replication.
Types of Trojan programs
Backdoors are one of the simplest, but potentially the most dangerous, types of Trojan programs. Acting as a gateway, such programs can load all kinds of malicious programs into the system and increase the computer's vulnerability to attacks. Backdoors are often used to create botnets, in which computers become part of a zombie network used for attacks without the user's knowledge. In addition, backdoors allow attackers to execute malicious code and commands on the device, as well as monitor web traffic.
Exploits are programs containing data or code that allow exploiting a vulnerability in an application on a computer.
Rootkits are designed to hide certain objects or actions in the system. Their main goal is to prevent malware from being detected and, as a result, to extend the time it can run on an infected computer.
Droppers / Loaders
One of the most famous Trojan droppers is the Emotet malware, which, unlike a backdoor, cannot execute any code on a computer by itself. However, it downloads other malicious programs, such as the Trickbot banking Trojan and the Ryuk ransomware. Droppers are similar to Trojan loaders, but loaders need a network resource from which to download malware, whereas droppers contain the other malicious components in their own software package. Both types of Trojan programs can be remotely updated by their developers so that they cannot be detected during an antivirus scan, even with the help of new virus definitions. New functions can be added to them in the same way.
Banking Trojans are the most common. The spread of online banking and the inattention of some users make banking Trojan programs a promising way for attackers to embezzle other people's money. The purpose of such programs is to obtain credentials for accessing bank accounts. Phishing is used for this: the intended victims are redirected to a page controlled by attackers to enter their credentials. Therefore, for online banking, it is necessary to use secure methods for logging in: the bank's application, and not entering credentials in the web interface.
Trojans performing DDoS attacks
Distributed denial of service (DDoS) attacks continue to roil the Internet. In these attacks, a huge number of requests are made to the server or network; as a rule, this is done using botnets. For example, in mid-June 2020, Amazon repelled a record-breaking attack on its servers. For more than three days, Amazon's web services were hit by a huge number of requests at a rate of 2.3 terabytes per second. To achieve such computing power, a huge botnet is needed. Botnets consist of so-called zombie computers. At first glance, these computers work fine, but they are also used in attacks. The reason is a Trojan program with a backdoor, present on the computer unnoticed and activated by the operator when needed. The result of successful botnet and DDoS attacks is the unavailability of websites or even entire networks.
Trojans imitating antiviruses
Trojans that mimic antiviruses are especially insidious. Instead of protecting the device, they are a source of serious problems. These Trojan programs simulate virus detection, thereby causing panic among unsuspecting users and convincing them to purchase effective protection for a fee. However, instead of a useful antivirus scan tool, the user gets new problems: their payment data is transferred to the creators of the Trojan program for further unauthorized use. Therefore, you should never click on links in virus warnings, especially those that are suddenly displayed in the browser when visiting websites. You can only trust your own antivirus scan tool.
Game Account Thieves
This type of software steals the accounts of online players.
Trojans attacking instant messaging applications
These Trojans steal the credentials of instant messaging applications such as ICQ, MSN Messenger, AOL Instant Messenger, Yahoo Pager, Skype and others. It can be argued that these messengers are practically no longer used, but new messaging applications are not protected from Trojans either. Facebook Messenger, WhatsApp, Telegram and Signal can also be attacked by Trojan programs. For example, in December 2020, the distribution of Trojan programs for Windows through a Telegram channel was recorded. Instant messaging services should also be protected from dangerous phishing attacks.
In January 2018, Kaspersky Lab researchers discovered the Skygofree Trojan, an extremely advanced piece of malware capable of independently connecting to Wi-Fi networks, even if this feature is disabled on the user's device. The Skygofree Trojan can also track messages in the popular WhatsApp messenger, reading as well as stealing them.
Ransom Trojans can change data on a computer, causing it to malfunction or blocking access to certain data. The attackers promise to restore the computer's functionality or unlock the data only after receiving the required ransom.
SMS Trojans may seem like a relic of the past, but they are still active and pose a serious threat. SMS Trojans can work in different ways. For example, Faketoken, a malicious program for Android, sends SMS messages en masse to expensive international numbers while masquerading in the system as a standard SMS application. The owner of the smartphone has to pay for this mass mailing. Other SMS Trojans connect to expensive premium SMS services.
Trojan spyware can monitor the user's work on the computer: track the data entered from the keyboard, take screenshots and get a list of running applications.
Trojan email address collectors
These malicious programs perform unauthorized collection of email addresses on the computer.
In addition, there are other types of Trojan programs:
Trojans that cause archiver failures
Trojans notifying the attacker
Trojans for account theft