What Are Trojans?
Typically, Trojan horses of the malware variety are disguised as something desirable so you let your guard down and install malware that can spy, steal data, or otherwise cause damage to your computer or system.
Updated December 22, 2020 • 3 min read
Summary
A Trojan horse, or Trojan, is a type of malware that typically disguises itself to install malware that can spy, steal data, or otherwise cause damage to computers or networks. Trojan malware comes in several forms, including Trojan-downloaders, rootkits, backdoors, and banking Trojans.
A Trojan horse, or Trojan, is a type of malware that tricks you into thinking it has a legitimate purpose. Recall the tale from the Trojan War that gives it its name: Odysseus schemed to infiltrate the city of Troy by hiding Greek soldiers in a wooden horse, which was offered at the gates of Troy as a gift to the city and was subsequently brought inside. Once the citizens of Troy were asleep, the soldiers emerged from the horse and attacked.
Typically, Trojan horses of the malware variety work in this same way, by disguising themselves as something desirable so you let your guard down and install malware that can spy, steal data, or otherwise cause damage to your computer or system.
New Trojans are emerging that target the banking industry generally, with some targeting cryptocurrency exchanges specifically. Attackers using a strain of the Cerberus Trojan targeted several crypto apps on Android phones by stealing two-factor authentication tokens from Google Authenticator, PIN codes, and swipe patterns. Once installed, the Trojan granted the attackers access to cryptocurrency exchange apps and cryptocurrency wallets.
Unlike viruses, Trojans cannot self-replicate and rely on you to open and execute them, often through a seemingly benign action like downloading and opening an email attachment.
A Trojan-downloader is a type of Trojan used by attackers to download malicious programs onto host computers. Another common type of Trojan is a backdoor, which provides a bad actor with remote access to a system via a backchannel. This type of channel allows direct communication from the impacted system to that bad actor’s command and control center. The bad actor can then control the device and manipulate data, deploy more malware, or create a zombie network of infected computers. This means any data, files, cryptocurrency wallets, and applications may be subject to manipulation without the targeted device owner’s knowledge.
A rootkit is a type of Trojan that is designed to hide activity or code placed in a system so as to avoid detection and extend the effective time of infection. Rootkits acquire root-level access to a device or system and can boot up with or before an operating system.
Another type of Trojan is Trojan-ransom malware. Ransomware can block, encrypt, or modify data and generally infiltrates a computer, phone, or network as a Trojan. Cybercriminals use this form of malware to demand a ransom payment, often in the form of cryptocurrency. The CryptoLocker Trojan ransomware discovered in 2013 was spread via email attachments and a Gameover ZeuS botnet. It installed itself in the user’s profile folder and encrypted the files on the hard drives, with the keys stored on the attackers’ command and control servers. Ransom in bitcoin was demanded in exchange for decryption keys.
Banking Trojans can steal account data for online banking, credit and debit cards, or cryptocurrency wallets. While threats to online banking services have been more common, Trojans like Dridex, which has been used to attack e-banking services, have turned their attention to cryptocurrency exchanges by using advertisements that trick users into downloading them.
Any number of Trojans can affect cryptocurrency users. While some malware, especially ransomware, may become apparent immediately when cybercriminals demand ransom, many Trojans stay concealed in order to cause longer-term damage.