A Trojan horse (Trojan) is a computer program that, hidden in the background, performs completely different functions or pursues different motives than the ones it presents to the user.
Through a social engineering scam, the user is encouraged to download and install a program that contains a Trojan. Once it is activated, cybercriminals have the opportunity to spy on the user and obtain confidential data.
As soon as the program is executed, a malicious program is secretly installed, which then runs independently. Deleting the Trojan program afterwards does not affect the malware.
However, a Trojan does not necessarily have to be a malicious program. As soon as a program hides non-obvious functionality, even functionality that has no harmful effects, it is already referred to as a Trojan.
The different types of Trojans
Trojans are constantly evolving, which means that different types of Trojans are in circulation.
In the case of a backdoor Trojan, the cybercriminal has the opportunity to remotely infiltrate the infected device. The attacker aims to delete files, change settings and collect personal data.
These Trojans often hide in simple programs. After execution, it is primarily the operating system that is affected, because the Trojan looks for security vulnerabilities in order to gain control over the system and access to personal data.
The intruder first gains access to the entire computer system, then encrypts all the data and demands a ransom in bitcoins for the decryption.
With this Trojan, the cybercriminals use the resources of computers to send a flood of requests to various addresses in the network, thereby overloading the network.
These Trojans can stay in the system unnoticed. An antivirus program does not recognize the presence of such a Trojan. The perpetrator has the ability to manipulate the operating system and gain administrative privileges.
The dropper is known for installing other Trojans or viruses. Some versions ensure that no malicious intent is detected.
This Trojan is often found in unreliable download sources. These Trojans can download additional software onto your computer. Most of the time, it is adware or another unwanted program that can have fatal consequences for the computer.
These are programs that pretend to be anti-virus software. After installation, alleged malware threats are reported. To have them removed, the victim is supposed to pay money to the fake AV manufacturers.
How do you "catch" a Trojan?
Primarily, the infection of a system by a Trojan starts with the user. Users fall for the tricks and scams of cybercriminals and assume that they have installed useful software. Another danger arises when the system is not properly patched to the latest version. This creates a large number of attack vectors.
The bottom line is that there are four ways of infection.
Software that has been downloaded
Trojans often hide on websites that offer software in general. On such platforms, many programs are uploaded every day, so that it is no longer possible to guarantee that every piece of software has been checked properly. Accordingly, many programs are infected with Trojans, which can infect the user’s system.
Many social media platforms offer instant messaging services for communicating via a chat function. Videos and pictures can be shared this way, and as soon as they are clicked, a link is sent to all of the user's contacts. After opening the link, the user unknowingly downloads a file that may contain a Trojan.
Cybercriminals often send credible-looking emails that allegedly come from companies like Amazon or PayPal. These emails often contain images and videos, but mostly links as well. As soon as you open the file or a link, the Trojan can install itself in the system.
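The lure described above, mail that claims to come from a known brand and carries links, can be screened mechanically. The following is an added example, not part of the original page: it flags a message whose display name or subject claims Amazon or PayPal while the sender address or the link hosts fall outside an allowlist. The `BRAND_DOMAINS` list, the function names and both sample messages are assumptions constructed for illustration, and the body is assumed to be single-part plain text.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allowlist of domains each brand legitimately uses.
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.de"}, "paypal": {"paypal.com"}}

def _is_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def check_email(raw):
    """Return findings for a raw RFC 5322 message with a plain-text body."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        # Only messages that present themselves as this brand are checked.
        if brand not in name.lower() and brand not in subject.lower():
            continue
        if not _is_allowed(sender_host, allowed):
            findings.append(f"sender {sender_host!r} claims {brand} but is not a {brand} domain")
        # Match on the parsed hostname, so "paypal.com.evil.example" does not pass.
        for url in re.findall(r"https?://[^\s<>\"']+", body):
            host = urlparse(url).hostname
            if not _is_allowed(host, allowed):
                findings.append(f"link host {host!r} is outside {brand} domains")
    return findings

# Constructed sample messages (not real mail); .example is a reserved TLD.
SPOOFED = (
    "From: PayPal Service <service@paypa1-secure.example>\n"
    "Subject: Your account is limited\n\n"
    "Please confirm here: http://paypal.com.verify-login.example/confirm\n"
)
GENUINE = (
    "From: PayPal <service@paypal.com>\n"
    "Subject: Receipt\n\n"
    "View it at https://www.paypal.com/activity\n"
)

if __name__ == "__main__":
    for finding in check_email(SPOOFED):
        print(finding)
```

A check like this complements, and does not replace, sender authentication results (SPF, DKIM, DMARC) evaluated by the mail gateway.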
Security gaps and vulnerabilities
A Trojan horse can also infect an IT system by way of a worm or malware, via so-called 0-days or via known security gaps that exist, for example, due to the lack of security updates.
What should you do if you are already infected?
External service providers help to determine the origin of the Trojan through specially developed software solutions.
The following are the primary steps you should go through:
- First, inform all contacts in the organization
- Back up system logs, log data, and other helpful information
- Inform the Central Contact Point for Cybercrime (ZAC) at the State Criminal Police Office immediately. Also, file a criminal complaint.
- Report the matter to your cyber insurance (if available)
To uncover possible vulnerabilities in your company, you should have a professional penetration test performed. During the penetration test, your IT system is manually analyzed for vulnerabilities to show you where action is needed. It is important that not only the technology but also the human factor is taken into account.