Trojan Horse Malware Forensic Analysis

By Kevin Lanier on February 19, 2025

Executive Summary

Trojan horses, or “Trojans” colloquially, are commonly used to steal sensitive information, allow remote access to computers and even delete data on them. Using common-sense cybersecurity practices and antivirus measures should typically be enough to protect an organization from Trojans, but the importance of implementing a proper cybersecurity policy can’t be overstated. Good security practices such as keeping systems updated and having a strict firewall policy to prevent users from installing unwanted programs should also be implemented. In the evolving online landscape, organizations will need to stay up to date on the latest developments in how Trojan horses are being used.

Background

A Trojan horse is malware which disguises itself as a legitimate program to trick users into downloading and running it. The malware derives its name from the ancient Greek “Trojan horse” myth where Greek soldiers were able to trick the Trojans into allowing them to enter the city by using a wooden horse. The strategy they used was to have the soldiers hide inside the horse, much like Trojan malware hides inside a seemingly regular file or application, such as a “Free Adobe Installation” from an unverified source or a game [2]. This is why having a strong firewall policy is important; sometimes employees are unable to tell that the program they’re installing is illegitimate. 


Trojan horses require users to download them from a server in order to function. They cannot self-replicate. This separates them from viruses, which are able to spread on their own through sharing infected files, such as email attachments or downloads [4]. Trojan horses also tend to create backdoors on systems and steal information, unlike viruses, which instead tend to focus on destroying files and slowing down system performance. Examples of this would be the ILOVEYOU virus and the Zeus Trojan respectively. The ILOVEYOU virus’ impact was that it overwrote user files, corrupted operating system files and sent itself to contacts in the user’s email. The Zeus Trojan, on the other hand, disguised itself as legitimate software to steal banking information and login credentials.

Impact

In recent years, Trojans have inflicted significant damage on corporations across various sectors. One such example was the 2023 QakBot infections. QakBot was developed to steal banking credentials in order to compromise accounts. This malware later evolved and enabled widespread data theft and ransomware deployment [1]. This prompted a coordinated international law enforcement operation to dismantle its infrastructure and led to the discovery of $8.6 million worth of illegal crypto transactions related to the Trojan [5]. There are no precise figures on the volume of personal information compromised. This makes their data theft mechanisms all the more worrisome. A company’s personal data could be getting sold on the dark web right now, and they might not see the impact for years.

Mitigation

There are a variety of ways in which corporations can protect themselves against Trojans. First and foremost, companies will want to enforce a good cybersecurity policy. Corporations can reduce the risk from untrusted programs by restricting what applications a user can download. This can be accomplished through strict firewall rules which only allow installations through a catalog of approved software, such as using the Software Center application. Businesses will also need to ensure that they’re regularly pushing updates to work devices so employees will have the latest security updates and be less susceptible to discovered Trojans. Finally, companies need to educate end users. Training should address how to avoid mistakes such as accessing suspicious websites without examining the URL, trusting a phishing email without checking the sender’s email address, and not creating a backup of important files.
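As an added example (not part of the original article), the following Python script shows the check behind an approved-software catalog: trust is keyed on the SHA-256 of the installer bytes, never on the filename, so a download that merely calls itself an Adobe installer is flagged rather than allowed. The catalog and the installer bytes are constructed stand-ins, not a real vendor's hashes.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for vetted installer bytes. A real catalog would hold the
# SHA-256 digests of the installers the organization has actually approved.
KNOWN_GOOD = {
    "adobe": [b"constructed bytes of the vetted Adobe installer"],
    "zoom": [b"constructed bytes of the vetted Zoom installer"],
}

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_file(path: Path) -> str:
    """Stream the file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_catalog(known_good):
    """Map each approved digest to its product keyword (digest -> product)."""
    return {sha256_bytes(b): product for product, blobs in known_good.items() for b in blobs}

def classify(path: Path, catalog) -> str:
    digest = sha256_file(path)
    if digest in catalog:
        return "approved"
    name = path.name.lower()
    if any(product in name for product in set(catalog.values())):
        # Filename claims an approved product, but these bytes were never vetted:
        # exactly the "Free Adobe Installation" disguise the article describes.
        return "impersonation"
    return "unknown"

def demo():
    """Write three constructed downloads to a temp dir and classify each."""
    catalog = build_catalog(KNOWN_GOOD)
    samples = {
        "AdobeReaderSetup.exe": KNOWN_GOOD["adobe"][0],
        "Free_Adobe_Install.exe": b"constructed bytes of an unvetted installer",
        "notes.txt": b"plain text, not an installer",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, content in samples.items():
            p = Path(d) / name
            p.write_bytes(content)
            results[name] = classify(p, catalog)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:14} {name}")
```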

Relevance

Trojan horse malware remains a significant cybersecurity threat, even in 2025. According to Statista, Trojans account for 58% of all known computer malware [3]. Given their abundance in cyberspace, taking precautions against Trojans is in the best interest of every company. Another threat Trojan horse malware poses is its adaptability. The QakBot Trojan was able to evolve from malware which stole sensitive information into a more robust form of malware which could perform reconnaissance and deliver malicious payloads. Trojans are capable of becoming more dangerous with time. Companies should keep systems up to date and implement the latest security measures as a best practice.

References

[1] Cybersecurity and Infrastructure Security Agency. (2023, August 30). QakBot Infrastructure Disrupted in FBI-Led Operation. CISA. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-242a

[2] GeeksforGeeks. (2023, September 19). Trojan Horse in Information Security. GeeksforGeeks. https://www.geeksforgeeks.org/Trojan-horse-in-information-security/

[3] Jovanovic, B. (2024, February 6). A Not-So-Common Cold: Malware Statistics in 2024. DataProt. https://dataprot.net/statistics/malware-statistics/

[4] Securityium. (2024, October). Viruses vs. Worms vs. Trojan Horses: A Detailed Guide. Securityium. https://www.securityium.com/viruses-vs-worms-vs-Trojan-horses-a-detailed-guide/

[5] U.S. Department of Justice. (2023, August 29). Qakbot Malware Disrupted in International Cyber Takedown. U.S. Department of Justice. https://www.justice.gov/archives/opa/pr/qakbot-malware-disrupted-international-cyber-takedown