What is a Trojan Horse / Trojan?

Next to the Computer virus You have probably come across the term “Trojan” to describe malware on Macs and PCs. The word Trojan, which is short for Trojan horse, describes an app that pretends to have useful functions, but exploits weak points in the background, transfers computer data to the server or causes other damage. Trojans belong to malware and are a threat to individuals and companies alike. "Trojan" is often used as a synonym or generic term for other malware, such as viruses, rootkits or backdoor attacks. But there are striking differences.

What is a Trojan horse on the computer? How does a Trojan get onto the Mac or PC? And what do I do if you caught me a Trojan under macOS or Windows? Here you will find answers to these and other questions on the subject.
What is a Trojan horse on the computer? How does a Trojan get onto the Mac or PC? And what do I do if you caught me a Trojan under macOS or Windows? Here you will find answers to these and other questions on the subject.

What does a Trojan horse do on the computer?

The name is no coincidence, because a program called a Trojan horse pretends to be useful, but harbors attackers (scripts, codes, other programs, etc.) within itself. On Mac and PC as well as on mobile devices and other systems, Trojans ensure that an open door is used to inject unwanted content. This unwanted content can be of various types - viruses, Keyloggers or other stalkerware, other spy programs or digital nodes for file sharing, crypto mining, etc.

Among other things, the software smuggled in by a Trojan can read passwords, check keystrokes or open the door for other malware that can cause (even) more damage. The actions can also be: 

  • Deletion of data
  • copying data
  • blocking of data
  • Modifying Data
  • Restricting the System

How does a trojan get on my computer?

Most Trojans get onto the user's computer through a user-side download. The download can be a program or a simple e-mail attachment. Simply visiting a website is not enough here to infect Mac or PC. The download happens actively because the Trojan camouflage itself. Just as the historical "Trojan horse" was received with open doors, so users download a supposedly useful one App or download an app that was advertised as helpful in an email. 

There are various camouflage options. On the one hand, the downloaded and opened program can have a useful function, but it can also do other things in the background. On the other hand, the camouflage can be purely in the file name or in the icon of the app, for example if it imitates a known app. Then you open them, but the expected program does not start, only the background actions. After these are done, it doesn't matter if you terminate and uninstall the trojan. Because the malware that came up with it also works without it.

How do I recognize a Trojan?

The bad news first: Trojans are often difficult to find and remove even with conventional virus scanners. It is all the more important to recognize them beforehand. So you should check the download source, check the file size (a graphics program or game is not just a few kB or MB small) and never open email attachments from unknown email addresses. 

Signs that the computer has been infected with a Trojan horse can be: 

  • Adware has been installed: Strange messages or pop-ups appear in the system
  • New background programs are running: The computer is very slow because a Trojan or the software that came with it uses additional resources and thus slows down its computing time 
  • Lost Internet Connection: A Trojan horse, or software it installs, can also connect to a URL or open separate connection sessions (e.g. to a server), which can result in bandwidth reduction
  • Malicious windows: If unwanted windows and browsers open certain pages, this is a strong indicator of a Trojan infestation 
  • Missing Files: Programs installed by Trojans can delete, encrypt or move files on Mac or PC to another location
  • Virus protection is deactivated: If virus protection and/or a firewall are deactivated by a Trojan, the computer is more susceptible to cyber attacks 

What to do with a Trojan? 

If the computer behaves strangely after installing new software (e.g. the desired app is not running but the CPU more heavily used), it should be uninstalled. However, since injected programs can remain behind, it is advisable to also check the registry database and the task manager of the Windows PC or the programs folder and the Activity Monitor on Mac to check for suspicious software. The "Software" section in the macOS system report (Apple menu -> About This Mac -> "Overview" tab -> System Report...) can also be helpful here.

If you feel like you have a Trojan on your computer, the first step should always be to use an antivirus program. These programs scan all files and processes on the PC and scan the hard drive for trojans, viruses, worms, adware, spyware and other malware. Among other things CleanMyMac X implemented a malware scanner. Furthermore there is Intego Mac antivirus software. A tip: Use the full and longer-lasting scan and not the express scan. The latter only looks at the beginning and end of files, but not for code hidden in the middle. 

What types of Trojans are there?

There are different approaches to dividing known computer Trojans into types. In this way, one can look purely at the entry routes (i.e. the horses) or also include the interactions with the introduced software (attackers in the horse). Here are the most common Trojan and mixed types:

  • Connected by linkers, joiners, or binders program pairs consisting of the host program (the wanted app) and the malware. The launch and permissions of the first also necessitate the second. 
  • Dropper are Trojans that use an installation routine to store the malware. The installed malware often settles in the autostart (Windows) or in the login items (macOS), which is why it is reopened with every system start.
  • Plug-in Trojans and similar types contain the malware and do not separate it after launch. That is, by deleting the Trojan, the malicious functions will be removed. Infected browser plugins use the web permissions of the Browsersto access the Internet.
  • Feat-Trojans exploit the vulnerabilities in an application on the computer using data and lines of code. Plug-in types are similar but not the same because the browser's web access is intentional and useful. Exploits take advantage of vulnerabilities that are unwanted.
  • Banking trojan either use keyloggers or ensure that banking projects are redirected to a fake website. The goal is that Phishing, i.e. the tapping of login data. The account access made possible in this way can be restricted by certain verification methods (pushTAN, two-factor authentication, etc.).

Further information and sources

There is a lot more to know about Trojans, about what is known as the malicious routine of the malware they smuggle in, and how it differs from other malicious software. But that would go beyond the scope here and retell too much of what you can also find in one of the sources for this article: Wikipedia. Do you have any questions or additions? Then feel free to leave a comment on the topic!

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership would support.

Post a comment

Your e-mail address will not be published. Required fields are marked with * marked

In the Sir Apfelot Blog you will find advice, instructions and reviews on Apple products such as the iPhone, iPad, Apple Watch, AirPods, iMac, Mac Pro, Mac Mini and Mac Studio.