Trojans are malicious programs that disguise themselves as something legitimate on the target system and then perform malicious actions, including deleting or modifying user data and slowing down the system and Internet browsing. Here is how to recognise the main Trojan families and how to defend yourself.
Trojans are perhaps the most common type of malware in the cyber threat landscape, and their defining characteristic is that they disguise themselves so that users do not realise their actual purpose.
A Trojan usually has to be run by the user, or by another piece of malware, in order to work. The malicious code typically enters the target system under the guise of a utility or tool. Once running, a Trojan performs one or more of the following malicious actions:
- delete user or system data;
- modify the data;
- encrypt data;
- copy the data;
- send and receive files;
- slow down the operation of the computer;
- slow down the network.
Below Are The Most Dangerous Trojans
Trojans have evolved into more complex forms such as backdoors (which let an attacker manage a computer remotely) and downloaders (which download and install other malicious programs). Let us look at the most common types in detail.
Backdoor Trojans
Backdoor Trojans let criminals control a computer remotely. Attackers can perform a wide range of actions on an infected computer, including receiving, sending, deleting or launching files, displaying on-screen alerts, or restarting the PC.
These Trojans also let attackers install and launch third-party code on the victim's device, record keystrokes (with "keylogger" components) or turn on the camera and microphone. Backdoors are often used to manage a group of infected computers gathered into a botnet.
ArcBomb Trojans
ArcBomb Trojans are specially crafted compressed archives designed to misbehave when users try to unpack them. Once opened, an ArcBomb archive typically freezes or seriously slows down the system.
They contain highly repetitive data (long runs of identical bytes, for example) that compresses into a very small archive: 10GB of data packed into a 400KB archive, say. Decompressing such an archive is expressly intended to consume all of the target machine's computing resources (CPU, memory and disk).
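The practical defence against an ArcBomb is to refuse to expand an archive whose claimed expansion is implausible and, because the size fields in the headers are attacker-controlled, to also count the bytes actually produced during decompression and abort past a cap. The following is an added example, not code from the article; the thresholds, file names and the sample archives (built inline from a run of zero bytes) are assumptions for illustration.

```python
import io
import zipfile

# Thresholds are assumptions for this example, not values taken from the article.
MAX_RATIO = 100                      # a member claiming to expand more than 100:1 is refused
MAX_TOTAL_BYTES = 512 * 1024 * 1024  # an archive claiming more than 512 MiB in total is refused
CHUNK = 64 * 1024                    # read size used while counting real output


def build_sample_archive(zeros: int = 8 * 1024 * 1024) -> bytes:
    """Constructed sample: one member made of identical (zero) bytes.

    Deflate turns a long run of identical bytes into a few kilobytes, which is
    exactly the property an ArcBomb relies on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.bin", b"\x00" * zeros)
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed sample: a small text member with ordinary compressibility."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "quarterly figures attached, see sheet 2\n")
    return buf.getvalue()


def inspect_archive(data: bytes) -> tuple[bool, list[str]]:
    """Check the central-directory metadata only; nothing is decompressed here.

    Returns (safe, findings). Cheap first gate: it costs no CPU or disk, but it
    trusts sizes the attacker wrote, so it must be paired with bounded_extract."""
    findings = []
    total_declared = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total_declared += info.file_size
            # compress_size is 0 for empty members; avoid a division by zero
            ratio = info.file_size / max(info.compress_size, 1)
            if ratio > MAX_RATIO:
                findings.append(f"{info.filename}: claims {ratio:.0f}:1 expansion")
    if total_declared > MAX_TOTAL_BYTES:
        findings.append(f"archive claims {total_declared} bytes in total")
    return (not findings, findings)


def bounded_extract(data: bytes, member: str, cap: int) -> int:
    """Decompress one member in chunks and stop once `cap` bytes have come out.

    Counting real output cannot be lied to by the header, unlike the size
    fields inspect_archive() relies on. Returns the number of bytes produced."""
    produced = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf, zf.open(member) as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return produced
            produced += len(chunk)
            if produced > cap:
                raise ValueError(f"{member}: exceeded {cap} bytes while decompressing")


if __name__ == "__main__":
    for label, blob in (("bomb", build_sample_archive()), ("benign", build_benign_archive())):
        safe, findings = inspect_archive(blob)
        print(label, "safe" if safe else "refused", findings)
```

The header check alone is not enough: a member can declare a small file_size while actually decompressing to far more, so the extraction step must still be bounded. The same two-stage approach (declared ratio, then counted output) applies to other archive formats and to nested archives, where the inner archive must be inspected again before it is expanded.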
Banking Trojans
Banking Trojans are created to steal confidential user data such as login credentials, passwords, SMS authentication codes or credit card information.
Among the most common and best known:
- Emotet: first detected in 2014, Emotet was originally created to steal banking data. Later versions added spam and downloader functions.
- TrickBot: created in 2016, TrickBot is still one of the most widespread banking Trojans. In addition to targeting bank customers, TrickBot also steals cryptocurrency from Bitcoin wallets. The malware consists of several modules combined with a configuration file; individual modules handle credential theft, persistence (i.e. a prolonged presence on the compromised system) or encryption.
Clicker Trojans
Clicker Trojans access websites and servers by interacting directly with the browser, without the user noticing anything. Clickers can also overwrite the Windows hosts file, where local name-to-address mappings are defined, so that standard addresses resolve to servers of the attacker's choosing.
Clickers are typically used for:
- increase the volume of website traffic to get more revenue from ads;
- perform DDoS attacks;
- redirect potential victims to web pages containing scam schemes or malware.
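A hosts file that has been overwritten to redirect well-known names is easy to spot once the file is parsed rather than eyeballed. The following is an added example, not code from the article: it parses hosts-file syntax (comments, blank lines, one address followed by one or more names) and reports any watchlisted name that the file maps anywhere, distinguishing redirection to another host from sinkholing to loopback. The sample file content, the watchlist and the example domains are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from a real machine. Lines 4 to 6 are the kind of
# entries a Clicker would plant; lines 2 and 3 are the normal defaults.
SAMPLE_HOSTS = """\
# local name resolution (constructed sample)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-bank.com
192.0.2.10      update.example-av.com
203.0.113.7     www.example-bank.com   # trailing comment
"""

# Assumed watchlist: names that should never be resolved by the hosts file.
WATCHLIST = {"www.example-bank.com", "update.example-av.com"}


def parse_hosts(text: str) -> list[tuple[int, ipaddress._BaseAddress, str]]:
    """Return (line number, address, name) for every mapping in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                          # address with no names: nothing to map
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed address, skip the line
        for name in parts[1:]:
            entries.append((lineno, addr, name.lower().rstrip(".")))
    return entries


def find_suspicious(text: str, watchlist: set[str] = WATCHLIST) -> list[tuple[int, str, str]]:
    """Report watchlisted names that the hosts file overrides.

    A mapping to loopback or the unspecified address hides the real site (or
    blocks an update server); a mapping to anything else redirects the user."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if name not in watchlist:
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((lineno, name, "sinkholed to local host"))
        else:
            findings.append((lineno, name, f"redirected to {addr}"))
    return findings


if __name__ == "__main__":
    for lineno, name, verdict in find_suspicious(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} {verdict}")
```

To run this against a live Windows machine, read C:\Windows\System32\drivers\etc\hosts and pass its text to find_suspicious(); any hit for a banking or update domain is worth treating as a compromise indicator rather than a misconfiguration, because nothing in normal use writes such entries.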
DDoS Trojans
DDoS Trojans are intended to launch Distributed Denial of Service attacks against the victim's IP address.
During such attacks, vast numbers of requests are sent from many infected devices at once, overloading the target and preventing it from functioning properly.
To carry out a DDoS attack, cybercriminals must first infect many computers with this malware, which they usually do through mass spam and phishing. Once the botnet is ready, all infected computers attack the victim at the same time.
Downloader Trojans
Downloaders download and launch other malicious software, including further Trojans. The location and name of the programs to fetch are either hard-coded into the Trojan or obtained from a server controlled by its author.
Downloaders are often the initial foothold in a system and a vital element of the first phase of a ransomware attack: they fetch the rest of the payload to complete the intrusion.
Dropper Trojans
Droppers are designed to install other malware covertly: the second-stage malware is embedded and hidden within the dropper's own code so that antivirus software does not detect it.
Many antivirus products fail to scan and analyse every component packed inside a dropper.
The embedded malware is usually written to a temporary Windows directory and then run without any notification to the user.
FakeAV Trojans
A FakeAV disguises itself as an antivirus product. It shows notifications and security warnings similar to those of a real antivirus, except that these messages are intended to extort money from the victim.
Inexperienced users are frightened into immediately purchasing the "full version" of the fake product to get rid of threats that do not exist.
Game Thief Trojans
As with banking Trojans, "Game thief" malware steals confidential information. Instead of documents and financial account data, these Trojans steal the credentials of online gaming accounts (bookmakers or casinos, for example).
These Trojans then use email, FTP and other data transfer methods to pass the information to the attackers.
Instant Messaging Trojans
"IM" (Instant Messaging) Trojans steal the login data used to access instant messaging services such as Skype or WhatsApp.
The malware then sends this data to the attacker, who can use the access to gather additional information for more elaborate attacks, or demand a "ransom" from the rightful owner to return the hijacked account.
How to Defend against Trojans
Most of these Trojans need the user to run them. Often unknowingly, the user launches the malware by opening an email attachment or by enabling macros in an Office document.
Thus the best protection against Trojans is often user training, giving people practical tools to recognise a potentially harmful file before they open it.
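One such practical tool is a check that tells the user, before the document is opened, whether an Office attachment carries a VBA macro project at all. Modern Office documents (.docx, .docm, .xlsx, .xlsm and so on) are zip containers, and a macro project lives in a fixed member such as word/vbaProject.bin; if that member is present in a file whose extension claims to be macro-free, the file has been renamed or tampered with. The following is an added example, not code from the article; the minimal sample documents are constructed inline (they mimic the container layout, not a full Office file), and the member paths and extension lists are the assumptions it relies on.

```python
import io
import os
import zipfile

# Assumed well-known locations of the VBA project inside OOXML containers.
MACRO_MEMBERS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
# Assumed extensions that are not supposed to carry a macro project.
MACRO_FREE_EXT = {".docx", ".xlsx", ".pptx"}


def build_sample_document(with_macros: bool) -> bytes:
    """Constructed sample: a minimal zip laid out like a Word document.

    Real documents hold much more, but the presence of word/vbaProject.bin is
    what a macro check keys on, so that is all the sample needs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if the container holds a VBA project member.

    Only the member list is read; nothing inside the document is parsed or
    executed, so the check is safe to run on an untrusted attachment."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False  # legacy OLE2 (.doc/.xls) or not an Office container at all
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    return bool(names & MACRO_MEMBERS)


def triage(filename: str, data: bytes) -> str:
    """Return a short verdict a user can act on before opening the file."""
    ext = os.path.splitext(filename)[1].lower()
    macros = has_vba_project(data)
    if macros and ext in MACRO_FREE_EXT:
        return "suspicious: macro project inside an extension that should carry none"
    if macros:
        return "has macros: open only if you expected a macro document from this sender"
    return "no VBA project found"


if __name__ == "__main__":
    for name, doc in (("invoice.docm", build_sample_document(True)),
                      ("invoice.docx", build_sample_document(True)),
                      ("invoice.docx", build_sample_document(False))):
        print(name, "->", triage(name, doc))
```

This check covers the OOXML container only: legacy binary formats (.doc, .xls) store macros in an OLE2 compound file and need a different parser, and a verdict of "no VBA project found" says nothing about other attack vectors such as embedded objects or external links. It is a triage aid to back up the training described above, not a replacement for disabling macros from the Internet by policy.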