What is Trojan Horse? Definition & Explanation
A trojan horse (or simply trojan) is a type of malware that disguises itself as a legitimate, useful program to trick users into installing it — granting the attacker access while appearing harmless. Unlike viruses or worms, trojans do not self-replicate; they rely on social engineering for delivery.
In-Depth Explanation
Trojans are typically categorized by their primary function:
- Remote Access Trojans (RATs — DarkComet, NjRAT, Quasar, AsyncRAT, Remcos): give attackers full remote control of the host.
- Banking trojans (Emotet, TrickBot, IcedID, QakBot, Dridex), though many have evolved into broader loaders.
- Info-stealers (RedLine, Vidar, Lumma, MetaStealer, Raccoon): harvest credentials, browser cookies, and crypto wallets.
- Backdoor trojans: open persistent access for follow-on operators.
- Downloaders/loaders: deliver second-stage payloads.
Modern trojans employ extensive evasion: process hollowing, reflective DLL loading, AMSI bypasses, direct syscall invocation to avoid EDR hooks, packers and crypters from underground marketplaces (Saintly, Genesis), and increasingly LLM-generated obfuscation. Distribution channels include phishing attachments (malicious Office documents with VBA macros, now blocked by default in Office), malicious browser extensions, fake software updates (often via SEO poisoning of high-value search terms), pirated software, and compromised legitimate downloads. Detection has shifted from signature-based AV to behavioral EDR/XDR and machine-learning classifiers.
Why It Matters for Security
Trojans are the workhorse of the cybercrime economy — almost every information-stealing campaign, banking-fraud operation, and ransomware deployment begins with a trojan delivering the initial payload. Microsoft's decision to block VBA macros by default in Office (2022) has driven attackers toward LNK files, ISO/IMG containers, and HTML smuggling, but the underlying model remains the same: trick users into running malicious code disguised as something legitimate. EDR with behavioral detection is the most effective defense.
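The two preceding sections describe the shift from signature-based AV to behavioral detection and the move from macro documents to LNK/ISO delivery. The following added example (not code from the original page or from any vendor named on it) shows what a minimal behavioral rule set over process-creation telemetry looks like: it parses constructed JSON-lines records with Sysmon-style field names (ParentImage, Image, CommandLine, CurrentDirectory) and flags an Office application spawning a script host, a script host launched by Explorer with its working directory on a non-system drive (the typical footprint of a double-clicked LNK inside a mounted ISO/IMG), and interpreter command lines with hidden-window, encoded-command, policy-bypass or remote-fetch arguments. The field names, rule names, drive-letter heuristic and sample events are all assumptions made for the example.

```python
import json
import re
from pathlib import PureWindowsPath

# Office applications whose child processes should never be script hosts.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Interpreters and living-off-the-land binaries commonly used as a trojan's first stage.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
# Command-line features typical of a loader trying to stay out of the user's sight.
SUSPICIOUS_ARGS = [
    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),                        # hidden window
    re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{40,}", re.I),    # base64-encoded command
    re.compile(r"-ex(?:ecutionpolicy)?\s+bypass", re.I),                     # policy bypass
    re.compile(r"(?:\bhttps?://|\\\\[^\\\s]+\\)", re.I),                     # URL or UNC payload source
]


def basename(path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return PureWindowsPath(path).name.lower() if path else ""


def classify(event):
    """Return the list of rule names (hypothetical names) this process-creation event triggers."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    cwd = event.get("CurrentDirectory", "")
    hits = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if parent == "explorer.exe" and image in SCRIPT_HOSTS:
        # Heuristic (assumption): a user double-clicking an LNK inside a mounted ISO/IMG
        # starts the interpreter with its working directory on a non-system drive letter.
        if cwd and not cwd.upper().startswith("C:\\"):
            hits.append("script_host_from_mounted_image")
    if image in SCRIPT_HOSTS and any(p.search(cmdline) for p in SUSPICIOUS_ARGS):
        hits.append("suspicious_interpreter_args")
    return hits


def scan(lines):
    """Parse JSON-lines telemetry; return (record_number, rule_hits) for every flagged event."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip it rather than stall the pipeline
        hits = classify(event)
        if hits:
            findings.append((n, hits))
    return findings


# Constructed sample telemetry (not real captures). Record 2 is the classic macro-document
# chain, record 3 the post-2022 ISO+LNK chain; records 1 and 4 are benign, 5 is malformed.
SAMPLE_EVENTS = [
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "WINWORD.EXE /n C:\\Users\\alice\\Documents\\report.docx", "CurrentDirectory": "C:\\Users\\alice\\Documents"}',
    r'{"ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -w hidden -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB", "CurrentDirectory": "C:\\Users\\alice\\Documents"}',
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe E:\\Invoice.js", "CurrentDirectory": "E:\\"}',
    r'{"ParentImage": "C:\\Windows\\System32\\cmd.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -File C:\\scripts\\backup.ps1", "CurrentDirectory": "C:\\scripts"}',
    "this line is not json",
]


def demo():
    """Run the rules over the constructed sample and return the findings."""
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for record, rules in demo():
        print(f"record {record}: {', '.join(rules)}")
```

The point of the example is the shape of the logic, not the specific strings: each rule keys on a parent/child relationship or an argument pattern rather than on a file hash, which is why it still fires when the trojan's binary is repacked. The encoded-command placeholder is an obviously constructed base64 string, and the drive-letter heuristic will need tuning on hosts where users legitimately run scripts from other volumes.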
Related Tools
- CrowdStrike Falcon Prevent
Next-gen antivirus with AI behavioral analysis. Top-rated in MITRE ATT&CK evaluations. Blocks known and unknown malware, ransomware, and fileless attacks using
- Sophos Intercept X
AI-powered endpoint protection with deep learning malware detection and anti-ransomware.
- Malwarebytes ThreatDown
AI-powered endpoint security with automated remediation designed for lean security teams.
Frequently Asked Questions
What does Trojan Horse mean in cybersecurity?
A trojan horse in cybersecurity is a type of malware that disguises itself as a legitimate, useful program to trick users into installing it — granting the attacker access while appearing harmless. Unlike viruses or worms, trojans do not self-replicate and rely on social engineering for delivery.
Why is Trojan Horse important?
Trojans matter because they are the workhorse of the cybercrime economy — almost every info-stealing campaign, banking-fraud operation, and ransomware deployment begins with a trojan delivering the initial payload. Behavioral EDR/XDR is the most effective defense as signature-based AV cannot keep up with polymorphic variants.