Trojans

Trojan malware, often called a Trojan horse, is a type of malicious program that disguises itself as legitimate software to gain unauthorized access and control over systems.

What is a Trojan?

A Trojan is a category of malware that relies on deception rather than self-replication. Unlike worms or viruses, it cannot spread on its own. Instead, attackers disguise Trojans as legitimate files or applications to trick users into running them. Once installed, a Trojan gives adversaries unauthorized access to the system. This can include data theft, credential harvesting, or creating a backdoor for persistent remote control. Over the past decade, Trojans have evolved into sophisticated platforms used in both cybercrime and espionage. Campaigns such as Zeus, Emotet, and TrickBot illustrate how Trojans can grow from simple tools into global operations that compromise millions of systems.

How it typically works

  1. Delivery: the Trojan is delivered through phishing emails, malicious websites, or bundled in pirated software.
  2. Execution: once installed, it silently runs in the background, often disguised as a normal process or service.
  3. Payload activation: the Trojan opens a communication channel with a command-and-control server, enabling data exfiltration or the installation of additional malware.
  4. Persistence: attackers configure the Trojan to survive reboots and remain undetected, often disabling security software in the process.

Common techniques & variants

  • Remote Access Trojans (RATs): enable attackers to take full control of systems. Famous examples include DarkComet and njRAT, both used in large espionage campaigns.
  • Banking Trojans: designed to steal financial information by intercepting online banking sessions. Zeus, Dridex, and TrickBot are among the most notorious, responsible for large-scale credential theft and fraud.
  • Downloader Trojans: install additional malware once the initial infection succeeds. Emotet started as a banking Trojan but became one of the most widely used downloader platforms before law enforcement disrupted it.
  • Backdoor Trojans: open hidden channels for attackers to remotely access infected devices. Examples include Hupigon and Glupteba, often used to build botnets.
  • Info-stealing Trojans: specialized in exfiltrating credentials, cookies, or documents. Agent Tesla and Lokibot remain active in campaigns targeting enterprises.

Impact

Trojans represent one of the most versatile and dangerous categories of malware. Their impact depends on the payload delivered and the intent of the attacker. Banking Trojans have caused billions of dollars in fraud by intercepting financial transactions. Remote access Trojans have been used in espionage campaigns, granting adversaries persistent access to sensitive corporate networks. Notable campaigns include Zeus, which pioneered large-scale credential theft; Emotet, which evolved into a global malware delivery platform; and TrickBot, which infected millions of systems before international law enforcement disrupted its infrastructure. For SecOps teams, Trojans remain a constant concern because they often serve as an entry point for ransomware and advanced persistent threats.

Further reading