Evolution of Trojan’s Activities in 2019

Trojan refers to a malicious program misleading its true intentions.  It is often disguised as a legitimate software or wrapped with a legitimate software. Traditionally, popular software that available on mirror sites are mostly wrapped with malwares. Hackers take advantage of their popularity and wrap their malicious program with it. Trojans are popular for remote access and backdoor. Remote Access Trojans (RATs) allow gaining unauthorized privileged access to a system. Once a Trojan program is executed on a system, it becomes difficult to trace however, Anti-Trojans and Rootkit Scanners help to detect them.

There are several types of Trojans, the most popular categories are:

1. Remote Access Trojans (RATs)
2. Data Sending Trojans
3. Destructive Trojans
4. Proxy Trojans
5. FTP Trojans
6. DoS Attack Trojans
7. Banking Trojans
8. Ransomware Trojans
9. SMS Sending Trojans

“Many of the Trojans we hear about today were designed to target a specific company, organization, or even government”

Characteristics of a Trojan

• A Trojan is a malware program disguised as a legitimate software
• Trojans are employed to gain access (backdoor) to a system
• Victims are typically tricked by social engineering to download and execute the Trojans on their systems
• A Trojan can spy, steal and gain backdoor access to a system
• A Trojan can:
  • Modify data
  • Delete data
  • Copy data
  • Disrupt the performance of a system

Remote Access Trojan (RAT)

Remote Access Trojans are those malicious programs, which provide access of a system through a remote connection. A victim is tricked by a cracked or a free software or an anti-virus software usually by social engineering. RATs provide a remote access of the victim’s machine to the hacker. If a RAT is successfully exploited, it allows the hacker to browse the directories, modify, delete, replace and execute the files on the targeted system. It also provides access to monitor and kill all running processes. Advance RATs are smart enough to provide administrative remote access. 

Popular Remote Access Trojans are:

1. JSPY
2. Andro RAT
3. Pandora RAT
4. JRAT
5. Novalite RAT
6. CyberGate RAT
7. Dameware RAT
8. NjRAT
9. BlackShades RAT
10. DarkComet RAT
11. HTTP RAT

Overall malware activity increased up to 61% from December 2018 to January 2019. Primary infection vectors are banking Trojans and Remote-Access Trojans like Emotet, Kovter, Dridex and NanoCore. The MS-ISAC Top 10 Malware refers to the top 10 new actionable event notifications of non-generic malware signatures sent out by the MS-ISAC Security Operations Center (SOC).

Trojan Development Kits

Trojan Development Kits (TDKs) are the applications, which are easily downloadable for free. These kits are the interface for beginners to create their own variants of Trojans. To generate a malware, a user needs to choose customization by clicking the form.

Following are the well-known TDKs:

1. Dark Horse Trojan Virus Maker
2. Senna Spy Generator
3. Trojan Horse Construction Kit
4. Progenic Mail Trojan Construction Kit
5. Pandora’s Box

Trojan Development Lifecycle

How a Trojan can Impact?

• A backdoor Trojan gives malicious users remote control over the infected computer
• Trojans can allow performing several actions including sending, receiving, launching and deleting files, displaying data and rebooting the computer
• Trojans are often used to unite a group of victim computers to form a botnet or zombie network
• Trojan takes advantage of a vulnerability within application software that is running on a computer
• Trojans are also used to install rootkits on a victim’s system
• Banking Trojans are designed to find financial data on targeted machines.
• Trojans can download and install new versions of malicious programs onto a computer
• Trojans are popularly used for ransomware attacks

Trojan Detection Tools

1. Solarwind Security Event Manager
2. Snort
3. OSSEC
4. Suricata
5. Security Onion
6. AIDE
7. OpenWIPS-NG
8. Samhain

Best Practices to Prevent Trojans

• Avoid executing unknown files (.exe, .vbs, .bat)
• Update Operating system and Applications along their patches
• Install an Anti-virus preferably with Firewall and Anti-Trojan Component
• Disable unused ports and verify file integrity
• Avoid connecting to unauthorized mirror servers
• Download free content from a producer’s server only
• Avoid suspicious and unsafe websites
• Be awareness and train yourself for social engineering attacks
• Avoid opening unsolicited emails from senders you do not know

Important Terminologies

Malware is the malicious program or piece of code used to exploit a target.

Backdoor is a malicious program, which provides access of a system bypassing the security controls and authentication process.

Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.

Droppers are helper programs for various types of malware such as Trojans and rootkits. Usually they are implemented as scripts (VB, batch) or small applications.

Crypter is a software that can encrypt, obfuscate, and manipulate malware, making it undetectable to security programs.

Wrapper is a program used in Transmission Control Protocol (TCP) to provide a layer of security by intercepting calls to computer services and determining whether the service is authorized to be executed.