← All glossary terms Glossary

What is Trojan Horse?

Malware disguised as legitimate software to trick someone into installing it, then used to steal data, open a backdoor, or deliver other malware.

A Trojan horse — usually just called a trojan — is malware that disguises itself as something useful or harmless to trick a user into running it. Unlike a worm, it does not spread on its own; it relies on deception, arriving as a cracked app, a fake update, or an enticing attachment. Once executed, a trojan can install other malware, open a backdoor for attackers, steal data, or enlist the device into a botnet. Defence combines user caution, restricting what software can be installed, and endpoint detection that flags the malicious behaviour after the disguise is dropped.

  • Disguised as legitimate software to trick you into running it.
  • Unlike a worm, it doesn't self-spread — it relies on deception.
  • Once run, it can install malware, open backdoors, or join a botnet.

En français

Cheval de Troie

Un maliciel déguisé en logiciel légitime pour inciter une personne à l'installer.

Un cheval de Troie est un maliciel qui se déguise en quelque chose d'utile ou d'inoffensif pour inciter l'utilisateur à l'exécuter. Contrairement à un ver, il ne se propage pas tout seul; il mise sur la tromperie et arrive sous la forme d'une application piratée, d'une fausse mise à jour ou d'une pièce jointe attrayante. Une fois exécuté, il peut installer d'autres maliciels, ouvrir une porte dérobée pour les attaquants, voler des données ou enrôler l'appareil dans un réseau de zombies. La défense combine prudence des utilisateurs, contrôle des logiciels installés et détection sur les terminaux.

Trojan Horse: frequently asked questions

What is the difference between a trojan and a virus?

A virus spreads by attaching to files; a trojan doesn't spread on its own — it tricks you into installing it by pretending to be something useful. Both are malware with different methods.

How do you protect against trojans?

Only install software from trusted sources, restrict what can be installed on company devices, keep systems patched, and use behaviour-based endpoint detection that flags the malicious actions once the disguise drops.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team