Trojan viruses are a formidable threat to businesses and individuals. They're subtle, often go undetected, and can lead to a range of adverse effects from malware. They can grant access to sensitive data and credentials or be used to conduct special attacks and extort businesses. A device infected with a Trojan can be spied on and controlled in any number of ways. These malicious programs can be found in emails, on websites, and even on phones.
How exactly do they work, and what can you do to prevent them? We'll take a deep dive into the world of Trojan viruses and what you can do to protect your business against them.
If you're familiar with the story of the invasion of Troy, you already have an idea of how this type of deception works. In the story, the people of Troy accepted a peace offering from the warring Greeks in the form of a giant wooden horse. Once transported behind the city walls, Greek soldiers emerged from inside the horse and promptly took the city. A Trojan virus operates on the principle of disguising itself as a harmless or even beneficial attachment or link. After gaining access to the device, the virus can wreak havoc in many ways.
One example of a Trojan infection occurs when a user initiates a download or clicks on a link that seems to be legitimate. Instead of receiving the program they're expecting, the user downloads the Trojan, which is often well-hidden from security protocols and antivirus software. Once installed, the Trojan can do everything from tracking keystrokes to taking control of your desktop.
Although commonly called a Trojan virus, that name is actually a misnomer. Viruses, by definition, replicate themselves. While Trojans can include viruses, they refer to many types of malware, including worms or ransomware. The word "Trojan" is more aptly used to reference the delivery method used to insert the malware. You'll often hear terms like Trojan virus, Trojan horse virus, and Trojan malware used interchangeably. The underlying current of all of them is how they appear as harmless or beneficial programs to gain access to a system.
How do Trojans work?
Trojans are a versatile type of malware with many effects and routes of entry. In many cases, they use a Trojan dropper, which is a helper program that doesn't do anything malicious itself but creates a path for the Trojan to sneak by undetected. Essentially, the helper virus is the wooden horse, and the Trojan virus is the Greek soldiers inside.
The dropper helps get the Trojan past antivirus defenses, such as User Account Control (UAC), a Windows element that notifies the user about actions affecting critical system elements. After slipping by, the dropper deposits the Trojan and may then uninstall itself. Some types of droppers stay on the system to pave the way for more malware and will reinstall themselves if removed.
To get the dropper and malicious program onto the device, many hackers turn to social engineering. Social engineering is a method of manipulation that relies on human elements — it targets our behavior using emotions like desire, fear, and ignorance to convince us to do something the hacker wants. Users might be persuaded to download a suspicious file, click on an untrustworthy link, or call a random number for help, ultimately granting access to the attacker.
Social engineering is tricky to defend against because it's not as simple as adding a firewall or new hardware. The most high-tech setup won't do much if an employee leaks their password to someone. Social engineering is a significant concern for Trojans. In Verizon's 2021 data breach report, social engineering was the most common cause of data breaches, and 85% of breaches involved a human element.
Trojan infection methods
Potential methods of infecting a user with a Trojan horse include the following. Many can overlap, and you'll notice most are a form of social engineering:
1. Phishing
A phishing attempt usually looks like an email, text, or phone call from a legitimate-looking business. The sender might try to convince you that you need to make a payment, verify account details, or claim a prize. After you click the link or download the attachment, you've also downloaded the Trojan.
There are many types of phishing attacks, which can even occur on social media and are sometimes designed for high-value targets like C-level executives. While many phishing attempts are quite sophisticated, most have some telltale signs and can be avoided with the right preparation. Aspects like awkward formatting, unofficial emails, and suspicious attachments can all point toward a phishing email.
2. Scareware
Scareware tries to convince you that you need to download software to protect your computer. A typical example is a pop-up that claims your computer is infected and you need to install the hacker's antivirus to fix it. Of course, the “solution” is actually a Trojan that deposits malware. As the name implies, scareware targets fear and tries to invoke a sense of urgency. Other potential threats involve finances, such as a hacker posing as someone from the Internal Revenue Service (IRS) or your bank.
3. Automatic downloads
Another simple mechanism is a download that starts automatically upon visiting a website. By visiting untrustworthy websites, you could open yourself up to Trojans. Most browsers have options to prevent automatic downloads, which can help prevent many of these Trojans.
4. Voluntary downloads
Some people don't need to be convinced and will willingly download a piece of software if they believe it contains something trustworthy. The user might download an app online, thinking it’s legitimate, and get a Trojan instead. Many operating systems will warn you about running untrustworthy apps, but people can bypass these warnings, and some Trojan droppers can get around them.
5. Software exploits
As software creators identify vulnerabilities, they release patches. If you don't apply these updates, hackers can use a known vulnerability in software, networks, and operating systems to install a Trojan on a device. The prominent Code-Red worm, for instance, used vulnerabilities in Microsoft's servers to spread itself far and wide, affecting more than 2,000 new hosts each minute. Trojans can scan a system looking for weaknesses and zero in on whatever they find.
Types of Trojans
Trojans can have a multitude of goals, but usually the hackers are after money. To get it, they might target bank account info or confidential corporate data, holding it hostage or threatening to destroy it.
Hackers might also use a victim's device to spread the Trojan or conduct nefarious tasks. When this happens, it's usually in the form of a botnet, which is a network made of infected devices controlled by the attacker. Botnets can be used to conduct distributed denial-of-service (DDoS) attacks. DDoS attacks are used to shut down a website by overloading it with multiple requests from all the devices in the network, which exceeds the network’s capacity and can cause trouble for businesses and governments. The purpose of DDoS attacks can include everything from political attacks to eliminating corporate competition.
Here are some examples of Trojan malware:
- Backdoor Trojan: Provides the hacker with remote control over a computer, from which they can access private information or link the computer to a botnet
- Banking Trojan: Targets financial account data such as online bank logins and card information
- Exploit Trojan: Takes advantage of a vulnerability in an application, usually one that's unpatched
- Remote access Trojan: Gives the attacker complete access to the device from a remote location
- DDoS Trojan: Links a computer to a botnet to conduct a DDoS attack and incapacitate a website
- Cryxos Trojan: Typically uses scareware and pop-ups to pressure the user to call or click for tech support, during which time the hacker could gain remote access to the computer
- Spy Trojan: Collects information about computer use, such as keystrokes, screenshots, visited webpages, and applications used
- FakeAV Trojan: Poses as antivirus software and reports nonexistent threats to extract payments or get the user to download malware
- Mailfinder Trojan: Collects email addresses from the infected device to conduct further attacks
- IM Trojan: Collects logins for instant messaging platforms such as Facebook Messenger and WhatsApp to control conversations and spread the Trojan
- GameThief Trojan: Collects account information from gamers
- Ransom Trojan: Modifies or corrupts computer data and holds it hostage before asking for a ransom payment from the company
- Rootkit Trojan: Provides high-level access to a network or computer while preventing the malware from being detected
As you can imagine, there's a lot to look out for when it comes to Trojan viruses, and the signs are not always obvious.
The impact of a Trojan virus
Trojan viruses can affect many parts of a business, from security and finances to reputation and efficiency. For example, a ransom Trojan can deplete a bank account, bring operations to a halt, leak confidential information, and impact your image with customers. Since Trojans tend to be good at hiding, you'll likely feel these effects before you know the malware is there.
These malicious programs often run in the background of your computer, so they can contribute to slower performance or more frequent crashes. If you notice your computer is moving slower or crashing often, it could be a sign of a Trojan. Other annoying aspects hit your web browser and emails. You might see more pop-ups, redirects to sketchy websites, or an increase of spam in your inbox. Unusual messages or graphical glitches can also be indicative of a Trojan.
Even if you see these effects, running an antivirus scan isn't always effective, and some Trojans can disable your antivirus or other security programs. Trojans can be incredibly hard to get rid of, especially if they're sophisticated, like rootkit attacks. Sometimes, the only solution is to completely reinstall the operating system. That also deletes all the data on that device and cannot protect data that's already been compromised.
While Trojans can have significant effects for individuals, they can be detrimental to businesses. With so much confidential data on hand, organizations have a lot of value in hackers' eyes. They could be after you or your customers' financial details or personal information. They might also be conducting corporate espionage or attempting to extort you for money. The sky's the limit for these attackers, so Trojans must be included in your data protection strategy.
Can Trojans infect cell phones?
Trojans can infect cell phones. Usually, this occurs on Android devices when the user downloads a program through unofficial channels, such as an untrustworthy website. Even official channels can sometimes let malware through if the requirements to upload an app are lax. By only downloading from trusted, reputable developers, you can reduce this risk. Company-issued devices should have robust policies and restrictions in place to prevent unauthorized downloads.
Compared to Androids, iPhones use a more restrictive sandboxing process. Sandboxing is a development method in which applications are isolated from other critical systems in a device, preventing unrestricted access to system resources. In other words, each app runs on its own and does not communicate with other parts of the device.
While Androids have sandboxing, Apple has more restrictive settings and a robust developer vetting process that keeps malware out. If an iPhone gets a Trojan, it's typically because the phone was jailbroken. Jailbreaking phones calls for bypassing manufacturer limitations, including security policies, so it's not surprising this creates a route for malware.
How to protect yourself against Trojans
Trojans are particularly tricky to get rid of once they're in place, so prevention is the best method for beating them. Below are some best practices for Trojan prevention in businesses:
1. Stay suspicious
Users should never download software or click on attachments unless they're 100% sure they're trustworthy. Consider device restrictions and policies that only allow for downloading programs authorized by your IT team. Teach employees to stay on their toes and watch for fear-mongering pop-ups or odd emails that point to phishing. When business data is at risk, it's better to be safe than sorry.
2. Update software immediately
Conduct updates as soon as possible. Many Trojans and other types of malware target known and patched vulnerabilities. Without the update, you're leaving your systems wide open to exploits. Make sure all software and operating systems are regularly updated or, better yet, automatically updated.
3. Train your team
Since many Trojans target human behavior, it's vital your team knows what to look for. They should be extensively trained on avoiding phishing attacks and keeping their devices protected. Implement a testing program that evaluates their ability to catch and report phishing attempts while keeping them alert.
Some topics to train on include:
- Telltale phishing signs, like sketchy email addresses, typos, and mismatched links
- How to avoid unsafe websites — looking for "https" in the URL and using browser protections
- Not clicking on pop-ups or suspicious links and never downloading from untrusted sources
- Using password best practices
- Watching for subtle changes in computer performance or display, such as slow operation, a different screen resolution, or new programs they didn't install
- Knowing what to do if they suspect malware — usually who to contact in IT
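The telltale signs named above (mismatched links, odd sender addresses, suspicious attachments) can also be checked mechanically before a message reaches a user. The following is an added example, not code from Box or from the original article: the function names, the `RISKY_EXT` list, and the sample message with its example.com, example.net and example.org addresses are all constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".hta", ".lnk")  # assumed blocklist

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lowercased hostname of a URL or bare domain, without a leading www."""
    name = urlparse(url if "://" in url else "//" + url).hostname or ""
    return name.lower().removeprefix("www.")

def phishing_signs(msg):
    """Return the telltale signs found in an EmailMessage, as strings."""
    signs = []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    reply = parseaddr(msg["Reply-To"] or "")[1].rpartition("@")[2].lower()
    if reply and reply != sender:  # replies are routed away from the sender
        signs.append(f"replies go to {reply}, not sender domain {sender}")
    body, parser = msg.get_body(preferencelist=("html",)), LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:  # compare only link text that looks like a domain
        shown = host(text) if "." in text and " " not in text else ""
        if shown and shown != host(href):
            signs.append(f"link shows {shown} but opens {host(href)}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXT):  # also catches invoice.pdf.exe
            signs.append(f"executable attachment {name}")
    return signs

def sample_message():
    """Constructed sample; all addresses and domains are made up."""
    msg = EmailMessage()
    msg["From"], msg["Reply-To"] = "Billing <billing@example.com>", "pay@example.net"
    msg.set_content('<a href="http://login.example.org/x">www.example.com</a>',
                    subtype="html")
    msg.add_attachment("constructed sample", filename="invoice.pdf.exe")
    return msg
```

Calling `phishing_signs(sample_message())` returns one finding per sign; a message with no findings returns an empty list.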
4. Install a firewall and antivirus program
If you have a physical office, you may already have a firewall in place, but if not, consider installing one. A firewall is like a filter that follows certain parameters to keep malicious communications out. Even if an employee tries to download something malicious, firewalls are often effective in preventing infection to user devices. A firewall isn't a silver bullet, but it's a security necessity and has historically been considered the first line of defense.
A strong antivirus program can also be a valuable piece of the puzzle. This software should come from a reputable company that meets the specific threats facing your business. Email filters are another good way to keep Trojans out. Most email providers have strong options for spam filters that can catch the majority of phishing attempts.
5. Conduct regular backups
While backing up your data won't prevent Trojans, it can make them less damaging. If your business becomes a victim of ransomware that holds your data hostage, recent backups can absolve you of giving in to their demands. You can simply restore the data and carry on as usual. The same goes for other attacks that corrupt a device or its data.
Cloud backups can be especially useful if a device is infected. Say a hacker is monitoring an employee's screen. The employee detects it and continues their work from another device while IT sorts out the Trojan. Cloud-based backups take device-specific concerns out of the equation with access to files from anywhere.
6. Only work with trustworthy partners
Many Trojans come from unreliable sources or from poor security practices. You likely have a variety of programs and businesses you partner with to get the job done, such as your antivirus and email providers. Ensure everyone you work with abides by strict security standards. Most well-known and established companies have robust policies in place, but it's always important to do your homework.
How Box helps protect your critical data
One of the most prominent risks of Trojan malware is the exposure of business data. You might have sensitive client information, financial account numbers, confidential design files, and any number of documents that hackers can use for extortion and deception. Less-sophisticated data handling practices can also be a prime opportunity for Trojan infections. If you're sending and downloading files via email or poorly secured hosting services, you become more vulnerable.
Box answers these problems while delivering exceptional content management tools for all types of businesses. With Box Shield, you can leverage machine learning for frictionless security across all your data throughout the content lifecycle. With features like native, automatic classification and timely alerts for malware threats, Box Shield makes data security simple, scalable, and effective.
Capabilities you can expect with Box Shield and the Content Cloud include:
- Automatic classification based on personally identifiable information (PII), intellectual property, and custom terms
- Granular permissions and configurable access policies to fit different types of documents
- Intelligent threat detection for easy identification of anomalous behavior and the presence of malware
- End-to-end AES 256-bit encryption
- Comprehensive audit logs and admin reporting
- Two-factor authentication
- Easy compliance with industry regulations
Learn more about what Box has to offer
In addition to robust security, the Content Cloud has a variety of tools to make the most of your content, from real-time collaboration to natively integrated e-signatures to automated workflows. We’re trusted by over 100,000 organizations across industries like financial services, life sciences, and public sector. We take security seriously, with enterprise-level protection across the board.
Whether you're looking to protect data for a multinational enterprise or a small business, we have solutions to help keep your data safe and maximize its value — all while keeping Trojans at bay. Take a look at what Box can do, or contact us to learn more.
While we maintain our steadfast commitment to offering products and services with best-in-class privacy, security, and compliance, the information provided in this blogpost is not intended to constitute legal advice. We strongly encourage prospective and current customers to perform their own due diligence when assessing compliance with applicable laws.