Trojan

A trojan is a type of malware that disguises itself as legitimate software to trick users into installing it, then performs malicious actions in the background.

What is a trojan?

A trojan, short for Trojan Horse, is malicious software that pretends to be legitimate - such as an update, utility, or document - to deceive users into executing it. Unlike viruses or worms, a trojan does not self-replicate; it relies on user interaction to gain access.

Once executed, a trojan can steal data, install additional malware, or grant attackers remote control.

Why trojans matter

Trojans are dangerous because they:

  • Bypass trust-based defenses
  • Exploit human behavior rather than vulnerabilities
  • Serve as initial access for larger attacks
  • Enable persistence and lateral movement
  • Are often used as loaders for ransomware

They are a common first stage in modern cyberattacks.

How trojans are delivered

Common delivery methods include:

  • Phishing emails and malicious attachments
  • Fake software installers or updates
  • Compromised websites and downloads
  • Cracked or pirated software
  • ClickFix-style social engineering
  • Malicious ads or SEO poisoning

User execution is the key infection vector.

What trojans can do

Depending on the payload, trojans may:

  • Steal credentials and sensitive data
  • Log keystrokes and screen activity
  • Download and execute additional malware
  • Create backdoors for remote access
  • Disable security controls
  • Establish persistence mechanisms

Their behavior is often modular and stealthy.

Common types of trojans

Trojans are often classified by function:

  • Backdoor trojans -- enable remote control
  • Banking trojans -- target financial data
  • Info-stealers -- collect credentials and tokens
  • Downloader trojans -- fetch additional malware
  • Spy trojans -- monitor user activity

Modern trojans frequently combine multiple capabilities.

Trojan vs virus vs worm

Malware type | Key characteristic
Trojan | Disguised as legitimate software
Virus | Attaches to files and replicates
Worm | Self-propagates over networks

Trojans rely on deception rather than propagation.

Trojans and modern attacks

In enterprise environments, trojans are often used to:

  • Establish initial footholds
  • Deploy EDR-evasive payloads
  • Enable lateral movement
  • Prepare ransomware deployment
  • Exfiltrate sensitive data quietly

They are frequently combined with living-off-the-land techniques.

Detection and prevention

Effective defenses against trojans include:

  • User awareness and phishing training
  • Email and web filtering
  • Endpoint protection (EDR/XDR)
  • Least-privilege execution
  • Application control
  • Monitoring suspicious process behavior

Behavior-based detection is critical.
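
The following added example (not from the original page) shows what monitoring suspicious process behavior can look like: three behavioral rules, tied to the delivery methods listed earlier, run over constructed process-creation events. The event field names (`parent_image`, `image`, `command_line`, `signed`), the rule names, and the word lists are assumptions for illustration.

```python
from pathlib import PureWindowsPath

# Assumed event schema and word lists; tune them to your own telemetry.
DOC_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\")
LURE_WORDS = ("setup", "update", "install", "crack", "keygen")

def base(path):
    return PureWindowsPath(path).name.lower()

def score_event(ev):
    """Return the behavioral findings for one process-creation event."""
    findings = []
    parent, child = base(ev["parent_image"]), base(ev["image"])
    image, cmd = ev["image"].lower(), ev.get("command_line", "").lower()
    # Document or mail client launching an interpreter (opened attachment).
    if parent in DOC_PARENTS and child in INTERPRETERS:
        findings.append("document-app-spawned-interpreter")
    # Unsigned binary named like an installer or update, executed from a
    # user-writable download or temp directory (fake installer, cracked software).
    if (any(d in image for d in USER_WRITABLE)
            and any(w in child for w in LURE_WORDS)
            and not ev.get("signed", False)):
        findings.append("unsigned-installer-lure-in-user-dir")
    # Interpreter started from the desktop shell with hidden or encoded
    # arguments, as when a user is talked into pasting a command.
    hidden = any(flag in cmd for flag in ("-enc", "-w hidden", "-windowstyle hidden"))
    if parent == "explorer.exe" and child in INTERPRETERS and hidden:
        findings.append("shell-launched-obfuscated-interpreter")
    return findings

def triage(events):
    """Map event id -> findings, keeping only events with at least one hit."""
    return {ev["id"]: f for ev in events if (f := score_event(ev))}

SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"id": 1, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "command_line": "powershell.exe -nop", "signed": True},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\alice\Downloads\ChromeUpdate_setup.exe", "command_line": "ChromeUpdate_setup.exe", "signed": False},
    {"id": 3, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "command_line": "powershell.exe -w hidden -enc <blob>", "signed": True},
    {"id": 4, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "command_line": "firefox.exe", "signed": True},
]

if __name__ == "__main__":
    for eid, found in triage(SAMPLE_EVENTS).items():
        print(eid, found)
```

Each rule keys on what the process did and where it ran from rather than on a file hash, so a repacked binary still matches.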

Common misconceptions

  • "Trojans spread automatically"
  • "Antivirus always detects trojans"
  • "Only non-technical users get infected"
  • "A trojan is the same as a virus"