What is a Trojan Horse?
The name comes from the ancient Greek story where soldiers hid inside a wooden horse to infiltrate Troy. Modern Trojans work on the same principle of deception—they promise one thing while delivering something malicious.
Unlike viruses or worms, Trojans don't self-replicate. They rely entirely on social engineering to spread, which makes them particularly effective since users voluntarily run them.
Common varieties include remote access Trojans (RATs) that give attackers control of infected systems, banking Trojans designed to steal financial credentials, and downloader Trojans that install additional malware. Some masquerade as cracked software, pirated games, or free versions of paid applications. Others arrive as email attachments claiming to be invoices, shipping notices, or urgent security updates. The disguise is everything—a Trojan needs to look trustworthy enough that someone will ignore their better judgment and click.
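An added example, not part of the original glossary entry: a defender-side check for the disguises described above, flagging attachments whose file name promises a document while the content or the final extension is executable. The extension sets, magic-byte table, function names and sample files are assumptions constructed for illustration.

```python
import os

# Leading bytes that identify native executables regardless of file name.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE",
    b"\x7fELF": "Linux ELF",
    b"\xcf\xfa\xed\xfe": "macOS Mach-O (64-bit)",
}
# Extensions a user reads as "just a document" (illustrative, not exhaustive).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Extensions the OS will run directly or via a script host (illustrative).
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".lnk"}


def executable_kind(data: bytes):
    """Return the executable format named by the leading bytes, or None."""
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def inspect_attachment(filename: str, data: bytes) -> list:
    """Return findings where the attachment's name and content disagree."""
    findings = []
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]
    kind = executable_kind(data)

    # Content is a program, but the name promises a document.
    if kind and ext in DOCUMENT_EXTS:
        findings.append(f"content is {kind} but name claims {ext}")
    # Decoy document extension placed in front of the real, runnable one.
    if inner_ext in DOCUMENT_EXTS and ext in RUNNABLE_EXTS:
        findings.append(f"decoy extension {inner_ext} before runnable {ext}")
    return findings


# Constructed samples: (file name, first bytes of content).
SAMPLES = [
    ("Invoice_0423.pdf", b"%PDF-1.7\n"),
    ("Invoice_0423.pdf.exe", b"MZ\x90\x00"),
    ("shipping_notice.pdf", b"MZ\x90\x00"),
    ("security_update.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", inspect_attachment(name, head) or "no mismatch")
```

A Trojan shipped openly as an installer, such as the constructed `security_update.exe` sample, passes this check by design, so name and content checks complement behavioral detection rather than replace it.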
Origin
As personal computers became common in homes and businesses, Trojans evolved rapidly. The late 1990s brought NetBus and Back Orifice, RATs that demonstrated how easily attackers could control remote systems. These tools were sometimes framed as network administration utilities, blurring the line between legitimate software and attack tools. Email attachments became a primary delivery method during this period, with Trojans disguised as everything from love letters to business documents.
The 2000s saw banking Trojans emerge as online financial services grew, targeting credentials and transaction data. Modern Trojans have become more sophisticated in their disguises and their payloads, often downloading ransomware or cryptocurrency miners after establishing a foothold.
Why It Matters
Banking Trojans have grown particularly sophisticated, using web injection techniques to modify banking sites in real time and steal two-factor authentication codes. Mobile Trojans now target smartphones, hiding in fake apps or legitimate-looking utilities in third-party app stores. Some advanced Trojans avoid detection by living entirely in memory or by mimicking legitimate system processes.
The rise of software supply chain attacks has created a new concern: Trojans embedded in legitimate software during development or distribution. This has happened when attackers compromised the update mechanisms of widely used applications, turning trusted software into a delivery mechanism. Organizations face a constant challenge of user education alongside technical controls, since the weakest link is often someone who just wants to get their work done.
The Plurilock Advantage
We test with the same methods criminals use—fake software offers, urgent-seeming attachments, trusted-looking communications. Our offensive security services identify where Trojans could establish footholds and what they could access once inside.
We help organizations implement detection controls that catch suspicious behavior even when the Trojan itself looks legitimate, focusing on what the malware does rather than just what it is.




