Trojan


What is a Trojan?

A trojan is malware that disguises itself as legitimate or desirable software to trick a user into installing or running it. Unlike worms, trojans typically do not spread on their own; they rely on deception and user action, and they are often used to deliver other malware or create hidden access for attackers.

Examples

  • A fake “PDF reader” installer actually installs a remote access trojan that gives an attacker control of the device.
  • A cracked version of paid software includes a hidden trojan that steals browser passwords after installation.

Discover 🔎

The word trojan comes from the Trojan Horse story: something that looks harmless is used to sneak a threat inside. That is exactly how a trojan works in cybersecurity. It relies on trust, curiosity, urgency, or convenience to convince someone to run it. Trojans are common because they bypass strong technical defenses by targeting human decision-making.

Remember: Trojans are about disguise. They often arrive as something the user wants, expects, or is pressured to open.

Summary 📝

A trojan is malware that hides inside software that appears legitimate, tricking users into running it. Trojans usually rely on deception rather than automatic spreading, and they are often used as an entry point to deliver other malware or provide remote access. Defense focuses on preventing untrusted execution, controlling software sources, hardening documents and macros, and detecting suspicious behavior quickly.
