What are Trojans?
"Trojan horse" attacks, or simply "Trojan attacks", use deception and so-called social engineering to convince unsuspecting users to run apparently benign programs that conceal malicious intent.
Trojans are commonly thought of as simple viruses or worms, but this is not the case. A virus is an infected file capable of reproducing itself and spreading by using other programs. Worms are a type of malware similar to viruses; unlike viruses, however, they do not need to attach themselves to another program to spread.
Most viruses are considered an outdated threat. Worms are also increasingly rare nowadays, although some still appear occasionally.
In common usage, the term "Trojan" indicates malware residing on the connected electronic device that hosts it. Depending on the case and on their use, these attacks can work as a real Trojan horse, capable of acquiring much of the information present on the infected device. They can act as independent malware or as a tool for other activities.
In other words, a Trojan is an infection strategy that hackers use to introduce any other type of threat, from ransomware that demands cash payments to hidden spyware that steals valuable information, such as personal and financial data.
Trojans can easily be confused with adware and PUPs (potentially unwanted programs), since the infection method is similar. For instance, adware sometimes infiltrates your computer through bundled software: when the user downloads a single program, he or she is actually downloading two or three of them.
Program authors often add adware through marketing affiliations, monetizing their installer with generally visible offers. As a rule, this bundled adware is less dangerous than Trojans, and it does not hide the way Trojans do. However, since the adware distribution vector resembles that of Trojans, there may be some confusion.
How do Trojan attacks work?
Trojans can hide behind anything. They disguise themselves as free software, music apps, advertisements, or an apparently normal app. Avoiding Trojan infection also depends very much on our own behavior, even though it is extremely difficult to pay attention to everything all the time.
Here are some tips to avoid possible infections:
- Avoid downloading pirated applications;
- Avoid downloading free programs that are unknown and unsafe;
- Avoid opening attachments of dubious origin as they could be infected;
- Avoid visiting suspicious web pages.
What are the types of Trojans?
There are many types of Trojans, and it is very difficult, even for professionals, to recognize these threats. As previously mentioned, Trojans are programmed to take control of a computer, acquire data, spy, and introduce other malware onto PCs, smartphones, tablets and any other technology.
Below we list some of the most common Trojan threats:
Backdoors: they give remote access to a system. This type of malware modifies the security settings of the targeted device so as to allow hackers to control it, steal information and even download other malware.
Spyware: it can spy on users while they access their online accounts or enter their credit card information. Passwords and other user identification data are thereby transferred directly to hackers.
Zombie Trojans: they enable hackers to take control of a targeted computer by enrolling it in a network they control. This is the first step in the creation of a botnet, which is often used to perform DDoS attacks designed to compromise a network by flooding it with traffic.
Trojan downloaders: they download and run other malware, such as ransomware or keyloggers.
How to detect the presence of Trojans on smartphones?
Trojans are not only a problem for laptops and desktops. They can also attack mobile devices, given their vulnerability.
Trojans come in the form of legitimate programs, although in reality they are a deceptive version of the app containing malware. Trojans can hide in unofficial pirated app marketplaces, prompting users to download them. Trojans cause all sorts of unexpected events, loading the infected phone with advertisements and keyloggers, which can steal information. Trojan dialers can even generate profits by sending paid SMS.
Some Android users have been victims of "Trojanized" apps even on Google Play, which constantly scans and eliminates compromised apps (often after the Trojan has been discovered). Even browser extensions can act as Trojans, since they are payloads capable of carrying malicious code. While Google can remove browser add-ons from computers, on phones Trojans can place transparent icons on the screen. They are invisible to the user, but react to the touch of a finger to release the malware.
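As an added example (not part of the original article), the Python sketch below triages a decoded AndroidManifest.xml for permissions that enable the behaviours described above: paid SMS, transparent overlays, keylogging and downloading other apps. The permission-to-behaviour mapping, the function name and the sample manifest are assumptions made for illustration; a match is a reason to look closer, not proof of infection.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Assumed mapping: permission -> Trojan behaviour from the article it can enable.
RISKY = {
    "android.permission.SEND_SMS": "dialer: can send paid SMS",
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay: can draw over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "downloader: can install other apps",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml, installer):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    # The stdlib parser keeps the example self-contained; for manifests taken
    # from untrusted APKs a hardened parser such as defusedxml is preferable.
    root = ET.fromstring(manifest_xml)
    findings = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in RISKY:
            findings.add(RISKY[name])
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY:
            findings.add("spyware: accessibility service can observe input")
    # Weak signal only: the article notes Trojanized apps have reached Google Play.
    if installer != PLAY_STORE:
        findings.add("source: not installed from Google Play")
    return sorted(findings)


# Constructed sample manifest (not taken from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE, installer=None):
        print(finding)
```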
iPhone users enjoy greater protection, as Apple's restrictive policies (such as those on access to the App Store, the iOS system and other apps on the phone) do a good job of preventing Trojan raids. The only exception is jailbreaking your device in order to download free software from websites other than the App Store. Installing malicious apps from outside the Apple environment makes users vulnerable to Trojans.
Obviously, iPhone devices can also be jailbroken, but that is another story; in these cases you would need the support of qualified and equipped personnel who can help you check whether your device is really infected.
What to do in case of a suspected Trojan attack?
To ascertain the illicit installation of a Trojan, and possibly identify those responsible, an accurate forensic analysis is necessary. Dogma S.p.A. specializes in this type of investigation through the T.I.S.P. System® (THREATS IDENTIFICATION and SECURITY PLAN), a team of highly qualified experts who carry out remediation on every type of device potentially under attack, providing evidence that can be used directly in court.
Call Dogma to immediately receive a quote and a confidential and free consultation, or use the form on the page to send us a request.