Trojan horse

What Is a Trojan Horse?

We all know the story of the original Trojan horse: during the Trojan War, Odysseus and the Greeks hide their soldiers in a wooden horse that’s left outside the enemy city of Troy.

The Trojans, thinking that the horse is a gift, bring it inside the city walls. Once in position, the soldiers emerge from the horse, defeat the Trojan army, destroy the city and end the war.

It’s an inspiring story if you’re on the side of the Greeks.

But the modern version of the story is reenacted every day on our computers with Trojan horse malware. This time, cybercriminals play the role of the Greeks — and their victims are ordinary, unsuspecting people.

What Is a Trojan Horse?

Trojan horses, often abbreviated to Trojans, are pieces of malware (malicious software) that, like the original wooden horse, disguise themselves as desirable or benign files or programs.

In actuality, it’s all misdirection: the Trojan’s true purpose is to wreak havoc on you and your device.

How Trojan Horses Spread


Unlike viruses or worms, Trojans can’t replicate themselves. They require their victims to download them, either voluntarily or unintentionally, before they can start working.

This necessitates a clever disguise — and often, a bit of social engineering.

Trojans may come bundled with cracked software, luring you in with the promise of a free version of an expensive program. Sometimes they even include a working copy of that program, making it all the more easy to distract you from the malicious portion of the download.

But even non-pirated programs, like free games, browser extensions, or screensavers, can actually be Trojans.

Some especially insidious Trojans appear to be antivirus programs or important security patches, urging you to act immediately due to a serious vulnerability. The only real threat, though, is the Trojan itself preying on your sense of caution.

Other Trojans spread through emails and IMs, often in the guise of an important attachment like an unpaid invoice or a personal letter. These messages may appear to come from people you know, increasing your willingness to open them.

And the stealthiest Trojans lurk on sketchy websites, then sneak onto your computer via a drive-by download — a download that initiates itself invisibly and automatically, without you needing to click on anything.

Types of Trojan Horses and What They Do

Once they enter your computer, Trojans are free to carry out their real attacks.

These attacks take on many forms depending on the exact variety of Trojan. Here are a few of the most common types.

Downloader Trojans

Some Trojans save the true carnage for later. Instead, they act as entry points for other malware, downloading infected programs that you would never have downloaded on your own.

These other malicious programs could be anything from more Trojans to adware to keyloggers to ransomware — the possibilities are limitless.

Other types of Trojans may also include a downloader component, causing their own damage while also paving the way for more malware to join in.

Backdoor Trojans

Backdoor Trojans create secret access points for attackers to take remote control of your computer. They often do this by taking advantage of security vulnerabilities in your OS or installed programs.

A backdoor lets the attacker see and modify your files, conduct malicious uploads or downloads, steal your personal data, and corrupt or erase your hard drive. Some attackers even use backdoors to conduct criminal activity using other people’s computers, setting the victim up as the “fall guy.”

DDoS Trojans

DDoS attacks

Many hackers conduct distributed denial-of-service (DDoS) attacks using computers that have been compromised by Trojans.

The Trojan turns the computer into a zombie whose only purpose is to bombard a target network or web server with traffic. As more computers become infected with the Trojan, they get sucked into this “botnet,” further increasing the traffic and eventually causing the target to error out and go offline.

This strategy allows the attacker to create a virtual army with which to carry out attacks against personal, political or economic enemies.

Banker Trojans

Banker Trojans are designed to seek out financial information like bank statements, account numbers, credit card info and electronic payment platform credentials.

They may scan your files for valuable data or spy on your browser activity to extract banking login info or credit card numbers.

The attacker can then use this stolen data to break into your accounts, deplete them of funds and disappear without a trace.

Ransomware Trojans

Ransomware Trojans are among the most unsettling Trojans out there, and they’re becoming more and more common with the rise of cryptocurrency.

A ransomware Trojan encrypts some or all of your files, then demands that you pay a ransom to unlock them, often within a short timeframe of just a few days. It warns that if you don’t pay up, the encryption key will be deleted, and your files will be permanently unrecoverable.

The urgent nature of the demand makes many victims panic and pay up, sometimes giving the attacker thousands of dollars to get their files back.

Email or Mailfinder Trojans

Mailfinder Trojans collect email addresses from your address book and email programs.

In some cases, they sign all of these emails up for spam mailing lists or use them to create fake accounts on various websites.

But some email Trojans hijack your email app and assume your identity, then send all of your contacts malicious attachments or harmful messages. You become a puppet in the attacker’s game — and a vector through which they can find new victims.

Join Our Community

And Get Our Best Stuff for FREE
We respect your privacy and you can unsubscribe anytime.

Key Trojan Horse Takeaways

A trojan horse
  • Trojan horses are a type of malware that disguise themselves as non-malicious downloads.
  • Many Trojans mask themselves as free pirated software, though they may also appear as legitimate apps or email attachments from trusted contacts.
  • Trojans can act as middlemen between your computer and other, more directly harmful malware.
  • Other Trojans conduct their own malicious activity, including stealing financial info, ransoming your files, turning your computer into a “zombie” in a botnet, or giving an attacker direct control over your computer.

History of Trojan Horses

The original Trojan Horse attack was conducted over 3,000 years ago. Back then, nobody could have predicted the new form this strategy would take in 1974, when the first computer Trojan made its debut.

The ANIMAL program, created by John Walker, was a 20-questions style game that guessed your favorite animal. And while it performed its stated function, it also secretly spread itself to other file directories, combining a Trojan-style package with the self-replicating mechanism of a virus.

But this relatively harmless nature wouldn’t last long. In the late ’80s and early ’90s, as the internet became more accessible, criminals began using Trojans to conduct truly malicious activities.

The 1989 AIDS Trojan arrived on 20,000 floppy disks, handed out at the World Health Organization’s AIDS conference by creator Joseph Popp. It claimed to contain information about AIDS, but was actually designed to encrypt the user’s files and demand a payment of $189 to decrypt them.

In the 2000s, with personal computers and email accounts now commonplace, Trojans were hiding everywhere. The ILOVEYOU Trojan disguised itself as a love letter, while the Zlob Trojan purported to be a Microsoft ActiveX video codec.

Today, Trojans continue to insinuate themselves into virtually every new computing development, from filesharing to video streaming to cryptocurrency.

Trojan Horses by the Numbers

Famous Trojan Horse Attacks

The Emotet Trojan

Emotet first appeared in 2014, disguised as an email containing an invoice or payment confirmation. In reality, the attachment was a banking Trojan that used mailfinding techniques to reach more victims.

Sporting a money transfer module and the ability to download other banking Trojans, Emotet quickly racked up millions of dollars in damages. It struck indiscriminately, hitting hospitals, city governments, schools, and ordinary citizens alike.

By the time the Trojan was finally subdued in 2021, it had infected over 1.5 million computers and cost its victims over $2.5 billion.

The Petya and NotPetya Trojans

First seen in 2016, the Petya Trojan encrypted the victim’s boot record, rendering the computer unusable and the files inaccessible. It then demanded a bitcoin ransom to restore access to the machine.

But its successor, NotPetya, took the destruction to the next level in 2017. It specifically targeted agencies and companies in Ukraine, including banks, energy companies, airports, gas stations, transportation networks, and even the Chornobyl nuclear plant.

NotPetya demanded a relatively small ransom of $300 USD, but upon payment, many victims found that their systems were not actually restored. It’s thus believed that the Russian government was behind the attack, aiming not to make money but to damage Ukraine’s infrastructure.

All told, Petya and NotPetya caused over $10 billion in damages worldwide, making it possibly the most destructive cyberattack in history.

0:02 / 1:38


Malware #Trojanhorse #Eyeontech

What Is a Trojan Horse and How Does It Work? (Video)

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional