Trojan malware: The hidden cyber threat to your PC

Trojan malware has evolved into one of the most dangerous malware types. Ignore the threat at your peril.

Cyber criminals are always looking for brand new ways of making money and causing destruction — or, even better, both at once.

The last 12 months have seen a boom in malicious cryptocurrency mining whereby cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it might not be rapidly lucrative for the crooks involved, it's stealthy and can be sustained over a long period of time — and most users don't even know their machine's processor is being used to line someone else's pockets.

Ransomware takes the opposite approach: pay up, or risk having your files permanently locked, with the WannaCry and NotPetya ransomware attacks causing destruction around the world.

But while cryptojacking and ransomware continue to be widespread threats, other attackers have continued to quietly deploy a potentially much more damaging threat: trojan malware.

As the name suggests, trojan malware sneaks onto your PC by disguising itself as something else, often hidden in a malicious attachment that's distributed with a phishing email.

Some trojan attacks use commodity malware, with phishing emails spammed out in bulk in the hope of scooping up victims and stealing their login credentials, banking information or other private information. Other attacks are far more precise, targeting organisations or even individuals to gain access to specific data or information: this can be for creating a persistent presence on their network for espionage, stealing data and selling it, or loading other malware onto the system.

It sometimes appears as if trojans have been overlooked when talking about hacking threats, with some seemingly dismissing the malware as old-hat, a dated means of attack. However, a recent report from security company Malwarebytes reveals how trojans and backdoor attacks have rocketed in the past year.

"We're seeing a new generation of stealers make an impact recently," says Jérôme Segura, head of threat intelligence at Malwarebytes. 

"Their code base is often inspired by legacy malware — either as a plain copycat or a fork — and their stealing capabilities go beyond typical form grabbing or password scraping. For example, these days you might see stealers looking for cryptowallets or perhaps target two-factor authentication software." 

Gaining persistent remote access — be it to a single user's computer, or a whole network — is key to many cyber attacks: if they're stealthy enough, hackers can remain undetected for a long time, as they work towards their long-term goals.

It's why the Emotet banking trojan is one of the most active malware threats. Not only does this prolific information-stealer have the capabilities for stealing data, monitoring traffic and secretly moving laterally through networks, it can also drop other trojans onto compromised systems.

However, what started life as a banking trojan has expanded its operations and now it's frequently targeting businesses in attempts to collect whatever login credentials and data it can — potentially exploiting it in an effort to get hold of intellectual property and business secrets.

"Emotet is still rampant against UK organisations and probably globally. They continue to do it, so there must be some success," says Adrian Nish, head of threat intelligence at BAE Systems.

"Many mid-sized and large organisations are targeted by Emotet on a daily basis — not successfully, but they're receiving reasonably targeted phishing emails leveraging information about the organisation."

Less sophisticated cyber criminal operations attempting trojan malware campaigns are likely to rely on spray-and-pray tactics, sending out vast swathes of emails in the hope that perhaps just a small handful of people open the message and run the malicious executable inside. These attacks are likely to be more focused on stealing bank details and personal information.

However, more sophisticated, customised campaigns operate with a specific target in mind: they could be looking to infiltrate the network of a particular organisation, they could even be looking to infiltrate a particular department, perhaps even with a specific individual in mind.

The sheer number of data breaches which have occurred over the years has made discovering email addresses, even passwords, easier than ever for cyber criminals. That data can be used to tailor phishing emails to have the highest chance of looking legitimate and being opened. Users may ignore a message from an unrecognised address, but if it looks as if that message has come from a co-worker or even their boss, they're much more likely to do what the message says.

At the very top of the cyber chain, malicious trojans are built with huge budgets behind them, with nation-states funding the development of this software in order to conduct espionage on other nations, infrastructure, private industry and more.

Those developing these tools are therefore the cream of the crop and know exactly what they need to do to bypass security software; they have the money, time, and resources to do so — and could potentially do a lot of damage.

"Each and every day, these guys are tasked with one single thing: to make sure they don't get detected by security solutions and come up with new ways of bypassing sandboxes and detention environments," says Liviu Arsene, senior e-threat analyst at security company Bitdefender.

"They have the same security skills as we do and an intimate knowledge of how the security industry analyses malware samples."

So despite the potent nature of trojans, why aren't they talked about as much as other threats like ransomware? It might be the precisely targeted nature of some of these attacks. That means some of the more dangerous trojans are simply seen as something that doesn't need to be worried about because they're not widespread, only going after small numbers of victims — but that's not a healthy attitude to take.

"They fly under the radar because they don't necessarily have a huge pool of victims and it isn't necessarily as funky as when you infect thousands of users. If you find a trojan that's really interesting, you'll probably only find it infecting a handful of victims — five, ten, maybe 15 victims. That's not usually a sexy topic," says Arsene.

But a potent trojan has the power to do colossal amounts of damage in the hands of a sophisticated attacker. No wonder cyber criminals are so interested in them again.
