The DDA of Milan has brought to light a vast hacking system that gained access, through a Remote Access Trojan, to the data stored in the Joint Investigation System, the heart of the Interior Ministry databases. Contrary to what many people think, Trojans are not computer viruses, because they do not have the ability to replicate. Trojans, often known as Trojan horses, are one of the most insidious forms of malware (a contraction of "malicious software"), because they masquerade as apparently harmless files or programs. Unlike self-propagating malware such as viruses, Trojans require human intervention to install. Cybercriminals use social engineering tactics such as phishing, leveraging the user's trust to trick them into downloading the infected file, which can be hidden in free programs, email attachments, video games, applications, and movies. Once launched, the Trojan operates silently, allowing hackers to steal data, access devices or launch large-scale attacks.
What are trojans and how do they work
The metaphor of the Trojan horse from Greek mythology perfectly reflects the sneaky approach of this malware. Just as the mythological wooden horse was used to bring Greek soldiers inside the city walls of Troy, Trojans are designed to infiltrate devices and open a "door" to attacks. Technically, Trojans belong to the malware family, as do viruses. Compared to viruses, however, they cannot replicate and infiltrate other systems, so it is correct to say that Trojans are not viruses. This should be clarified right from the start, given that Trojans are often mistakenly referred to as "Trojan viruses".
Unlike viruses, Trojans do not replicate automatically: they require user intervention, with the user playing an active role in installing the malicious software. Trojans come in the form of executable files (such as ".exe", ".bat", ".js" and similar), but they often disguise their true nature using specific stratagems. A rather "classic" example is a file containing the Trojan that has been renamed with multiple extensions, for example "DocumentName.txt.exe". This way the final ".exe" extension does not appear to the user, since Windows, by default, hides some file extensions. As a result, the file will show up as ".txt" (or similar), prompting users to open it, unaware of its malicious content.
Once installed, the Trojan can remain hidden, exploiting the device to steal information, perform operations in the background or make it part of a botnet. A botnet is a network of infected computers controlled remotely to unleash attacks, such as spam or data theft on a global scale. Depending on the actions that cybercriminals perform with them, Trojans can be classified into very specific categories. The main ones include:
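The double-extension disguise described above can be checked mechanically on a list of attachment or download names. The following is an added example, not part of the original article: the extension lists beyond ".exe", ".bat", ".js" and ".txt" and all sample file names are assumptions constructed for illustration.

```python
import re

# Extensions Windows runs or interprets. ".exe", ".bat" and ".js" come from the
# article; the others are assumptions added for this example.
EXECUTABLE_EXTS = {".exe", ".bat", ".js", ".cmd", ".com", ".scr", ".vbs", ".ps1", ".msi", ".hta"}
# Harmless-looking decoy extensions. ".txt" comes from the article; the others
# are assumptions added for this example.
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".mp4"}

def base_name(path):
    """Last path component; Windows ignores trailing dots and spaces in names."""
    return re.split(r"[\\/]", path)[-1].rstrip(". ")

def extensions(path):
    """All extensions in order, lower-cased, with space padding removed."""
    parts = base_name(path).split(".")[1:]
    return ["." + p.strip().lower() for p in parts if p.strip()]

def is_disguised_executable(path):
    """True when an executable extension hides behind a decoy extension."""
    exts = extensions(path)
    return len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS

def displayed_name(path):
    """Approximates what the user sees when the final extension is hidden."""
    return base_name(path).rsplit(".", 1)[0].rstrip()

def scan(paths):
    """Return (path, name as displayed) for every suspicious entry."""
    return [(p, displayed_name(p)) for p in paths if is_disguised_executable(p)]

# Constructed sample names, not taken from any real incident.
SAMPLE_NAMES = [
    "DocumentName.txt.exe",        # the article's example
    "report.PDF.Js",               # mixed case
    "invoice.pdf          .exe",   # real extension pushed out of view with spaces
    "holiday.jpg.scr. ",           # trailing dot and space are ignored by Windows
    "setup.exe",                   # honest executable, not a disguise
    "notes.txt",
    "archive.tar.gz",              # legitimate double extension
]

if __name__ == "__main__":
    for path, shown in scan(SAMPLE_NAMES):
        print(f"SUSPICIOUS: {path!r} would be displayed as {shown!r}")
```

Turning off the Windows option that hides extensions for known file types makes the final extension visible in the first place.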
- Backdoor trojans: These Trojans create a “backdoor” on the victim’s device, granting attackers unauthorized access through the “back door” opened by the Trojan. This backdoor allows them to control the system, steal data, and introduce more malware.
- Trojan downloaders: the main purpose of this type of trojan is to download additional content, such as other malware, onto the infected system.
- Infostealer Trojan: As the name suggests, this type of Trojan steals sensitive data from the victim’s computer, such as passwords, banking information, personal files, etc.
- RAT (Remote Access Trojan): this trojan gives the attacker complete control over the victim’s device, effectively turning it into a tool that can be exploited for espionage purposes by cybercriminals, as recently happened with the advanced digital platform Beyond, used to spy on 800,000 people, including many Italian politicians.
- DDoS (Distributed Denial of Service) Trojans: These Trojans perform DDoS attacks, flooding a network with traffic to overwhelm it and shut it down.
How to protect yourself from Trojans and how to eliminate them from your computer or smartphone
To protect your devices from Trojans, it is important to take some basic precautions. First of all, always keep your operating system and software updated: cybercriminals often exploit known vulnerabilities, which developers fix by releasing updates and security patches.
Beyond that, we suggest you download apps only from official sources, such as the Android Play Store, the iPhone, iPad and Mac App Store, the Windows Microsoft Store or, possibly, the official website of the developer of the software you intend to install on your PC, as already suggested in our insights on how to protect your smartphone from cyber attacks and how to protect your computer from hackers.
It is also crucial to use a reputable antivirus and keep it updated, so that it can periodically scan the system and detect any anomalies. Furthermore, activating a firewall offers an additional level of protection, blocking unauthorized access to the Internet.
What if you suspect you have a Trojan (perhaps because you downloaded content from the Internet without paying too much attention)? First, you have to disconnect your device from the Internet to prevent the malware from communicating with any remote servers. At this point, run a full system scan with your antivirus and delete infected files.