Much like the wooden horse of Greek mythology, a trojan horse program (usually called a trojan) appears to be desirable or harmless, but also silently performs actions that are harmful to the user's device, data or privacy. A legitimate program that also performs a harmful action because of a bug in its coding or flaw in its design may also be considered a trojan, at least until the problem is fixed.
Very generally, trojans can be divided into two groups based on the actions they perform: data-dealers and control-stealers. Data-dealers will look for and steal information from the device or data about the user, such as credit card numbers, passwords or documents, keystrokes entered or the user's web browsing history; control-stealers meanwhile focus on taking control of the computer, for example by installing a backdoor to control the system or programs or opening a channel to a remote site where an attacker can give commands to the infected device.
How do they Work:
Trojans first and foremost rely on tricking the user into believing that the program is legitimate, so that they will willingly install the malware themselves. Malware authors will often go to great lengths to make their trojans look authentic, often disguising them as movie or sounds files, documents, popular games, product updates for legitimate programs and so on. If a user can successfully see through this disguise, avoiding the threat is much easier.
Trojans are distributed in many ways – via malicious or compromised websites, in email messages as file attachments, through social media or file sharing networks, even on removable media such as USB sticks. Usually, these distribution channels involve some sort of trickery, such as promising the user a video or image if they click on a link, which gives them the malware instead.
More malicious attacks involve using vulnerabilities in the user's device to forcibly download and install the trojan without the user's permission, in an attack known as a driveby download.
How to Avoid Them:
Avoiding trojans often comes down to keeping any installed programs on a computer updated to block any attempts at driveby downloads, and exercising some vigilance when downloading files from the Internet, even when offered by a trusted contact. Reputable antivirus programs (especially those with a website security indicator such as Browsing Protection) also provide a layer of defense against these malware.