A Trojan horse, commonly shortened to trojan, is a class of malicious software that misrepresents its functions to persuade a user to run it. Unlike self-replicating malware such as worms or traditional viruses, a trojan relies on social engineering or concealment to be installed. Once active, it may perform hidden actions — for example creating a backdoor, logging keystrokes, stealing files, or enabling remote control — while the visible program continues to behave as expected.

Characteristics and typical behavior

Trojans come in many forms but share core traits: they appear useful or harmless, require some user interaction to be installed, and contain concealed routines that perform malicious tasks. A common role for modern trojans is to act as a backdoor, giving attackers a covert channel to the infected system and bypassing normal protections such as authentication or encryption. They may also include components that harvest credentials, capture screenshots, intercept network traffic, or add the machine to a botnet for coordinated attacks.

How trojans spread

Distribution of trojans typically depends on tricking users rather than exploiting a vulnerability directly. Frequent vectors include:

  • Malicious email attachments or links that prompt users to download and run a file.
  • Bundled software downloads where a trojan is packaged with what appears to be a legitimate program or media.
  • Fake updates for drivers or common applications, including counterfeit device drivers.
  • Pirated software, cracked installers, or seemingly innocuous files such as wallpapers, games, or utilities obtained from untrusted sources.
  • Social engineering through pop-ups, messages, or compromised websites that convince users to run code.

History and name

The term borrows its name and concept from the wooden gift in ancient warfare: the Trojan Horse of legend, which concealed hostile forces inside an apparently benevolent structure. For the classical tale and its cultural background, see Greek mythology. In computing, the metaphor emphasizes deception: a program that appears useful but hides an attack within.

Impacts, detection, and defenses

Trojans can have a wide range of consequences. They may lead to identity theft, financial loss, data breaches, or loss of control over systems. Some trojans are tailored for espionage or persistent intrusion in high-value targets, while others focus on mass exploitation for cryptocurrency mining or spam distribution. Signs of infection include unexpected network connections, unexplained new user accounts, unusual system slowdown, or programs launching without consent.

Defensive measures combine technical controls and user awareness: keep operating systems and applications updated, run reputable endpoint protection, restrict administrative privileges, enable network monitoring to detect anomalous connections, and train users to avoid suspicious downloads or attachments. In enterprise contexts, incident response plans and endpoint isolation are important to contain a compromise.
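
Two of the signs listed above, unexplained new user accounts and unexpected network connections, can be checked by comparing a later host snapshot against a known-good baseline. The following Python is an added example, not code from any product or from this article's sources; the snapshot formats, account names, process names, and addresses are constructed for illustration.

```python
"""Diff a known-good host baseline against a later snapshot and report
new user accounts and unexpected outbound connections.
All sample data in this file is constructed."""
import ipaddress

def parse_accounts(passwd_text):
    """Return {username: uid} from passwd-style 'name:x:uid:...' lines."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def parse_connections(conn_text):
    """Return {(process, remote_ip, remote_port)} from 'process ip:port'
    lines (a simplified format assumed for this example)."""
    conns = set()
    for line in conn_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        ip, _, port = parts[1].rpartition(":")
        if port.isdigit():
            conns.add((parts[0], ip.strip("[]"), int(port)))
    return conns

def triage(base_passwd, cur_passwd, base_conns, cur_conns, allowed_nets):
    """List findings present in the current snapshot but not the baseline."""
    findings = []
    old, new = parse_accounts(base_passwd), parse_accounts(cur_passwd)
    for name in sorted(set(new) - set(old)):
        note = " with UID 0 (root-equivalent)" if new[name] == 0 else ""
        findings.append(f"new account: {name}{note}")
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    added = parse_connections(cur_conns) - parse_connections(base_conns)
    for proc, ip, port in sorted(added):
        # Only connections outside the allowlisted networks are reported.
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings.append(f"unexpected connection: {proc} -> {ip}:{port}")
    return findings

# Constructed snapshots (documentation address ranges, made-up names).
BASE_PASSWD = "root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh"
CUR_PASSWD = BASE_PASSWD + "\nsupport:x:0:0::/home/support:/bin/sh"
BASE_CONNS = "browser 192.0.2.10:443"
CUR_CONNS = BASE_CONNS + "\nwallpaper_app 203.0.113.77:4444\nupdater 192.0.2.25:443"

if __name__ == "__main__":
    print("\n".join(triage(BASE_PASSWD, CUR_PASSWD, BASE_CONNS, CUR_CONNS, ["192.0.2.0/24"])))
```

A finding here is a prompt for investigation, not proof of infection; the baseline must be captured while the host is known to be clean.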

Distinctions and notable facts

Important distinctions: a trojan is a delivery method and deception technique, not a replication mechanism. Viruses attach to other files and often replicate; worms self-propagate over networks. A trojan may contain virus-like or worm-like components, but its defining feature is concealment of intent. For wider reading about authentication, encryption, drivers, and safe downloading practices, consult technical references and vendor guidance.