Watch out for that TROJAN!

Hi there!?

It's your girl Bolatito and I come bearing juicy tips and gist as always.??

Yam harvest season is upon us! ?? If you are a resident of an African community that grows yam, you must have noticed fresh tubers flooding the food market. As a lover of yam, I grabbed myself a large tuber during the week and to my surprise even after thoroughly inspecting the yam, I had somehow purchased an already rotting tuber. As I sat in my kitchen staring at the rotten pieces of yam and the already boiling pot of water in anger, my mind wandered off to how trojan malware attacks occur and I knew I just had to explain the concept to you.?

While you are here, feel free to read my last letter about Spyware if you missed It. Now let’s get back to discussing TROJAN, and all you need to know about this malicious malware. The Trojan horse (popularly known as Trojan) is a type of malicious code or software that appears to be legitimate and harmless but can cause damage, disrupt, steal, or in general inflict some other harmful action on your data or network.??

Just like the ‘harmless’ wooden horse gift that resulted in the defeat of the City of Troy in the ancient Greek myth of the Trojan horse, Trojans can bypass otherwise strong defences protecting a computer system while impersonating a genuine program and eventually take over the system without the user or IT administrator noticing.?

The interesting part of this attack is the attacker deceives you to take the first step of loading and executing the malicious code paraded as a bona fide file or application on your device. The malicious program then executes the task the attacker designed it for, such as gaining backdoor access to corporate systems, spying on users’ online activity, data deletion, data censorship, data modification, data theft, and causing interference in the operation of computers or computer networks. The Trojan malware potentially leaves your computing device susceptible to other “invaders.” A quick indication of your device or system is affected by a Trojan attack is your device setting being changed unexpectedly.?

Some facts about Trojan attacks??

1. Unlike most computer viruses the Trojan horse cannot manifest on its own. It requires a user to download the application for it to function. The executable (.exe) file must be implemented and the software installed for the Trojan to attack the device.??
2. Email Trojans, for example, use social engineering tactics to resemble harmless email attachments, fooling the user into opening the attached file. A Trojan malware-infected machine can also transfer it to other systems.??
3. A cybercriminal transforms the affected computing system into a zombie computer, giving them remote access to the device without the user’s knowledge. Hackers can then use the zombie computers to spread malware to connected devices.?
4. Trojans are pre-programmed to perform specific actions such as accessing a particular website or using a banking app. Based on the Trojan type and its creation method, the infection may erase itself, revert to a dormant state, or stay active even after the hacker’s desired action is completed.?

Trojan Malware is categorised based on its functionality, intended use and method of attack. Below are some common types of Trojan malware you need to be cautious of:?

1. Backdoor Trojan – A backdoor Trojan enables an attacker to gain remote access to a computer and take control of it using a backdoor.?
2. Bank Trojan – A banker Trojan is designed to target users’ banking accounts and financial information?
3. Downloader Trojan – A downloader Trojan targets a computer that has already been infected by malware, then downloads and installs more malicious programs to it.?
4. Fake Antivirus Trojan – A fake antivirus Trojan simulates the actions of legitimate antivirus software and gets unknowing users to download.?
5. Game-Thief Trojan – A game-thief Trojan is specifically designed to steal user account information from people playing online games.?
6. Exploit Trojan - An exploit malware program contains code or data that takes advantage of specific vulnerabilities within an application or computer system.?

Now that you have a good understanding of this malware type, here are helpful tips to keep prevent trojan attacks.?

1. Download apps and software from official sources- Downloading apps and software from unofficial sources or using cracked software increase your chances of unintentionally infecting your computing device with malware.??
2. Be cautious of links and email attachments- Harmful links and attachments in phishing emails are one tactic cybercriminals employ to distribute Trojan. Avoid clicking links in emails or downloading attachments from unsolicited emails, especially files with .exe extensions. Instead, hover over the link first to see if it looks genuine and only download requested or necessary attachments from recognizable senders.?
3. Use an ad blocker – Pop-ups and online ads are popular Trojan circulation mediums. To restrict your exposure to these pop-ups and ads we encourage the use of an ad blocker.??
4. Where possible avoid free software – Trojan virus is sometimes hidden in easy-to-use, free functional applications like photo editing apps or even antivirus/antimalware applications. Be suspicious of free apps and always vet their authenticity by looking out for online reviews and doing some research.??
5. Use a trusted antivirus/antimalware tool – To avoid stories that touch, tighten up your security with a good paid antivirus. Routine virus scans are strongly recommended.?

?Side Gists?

The second cohort of the DigiGirls training program ended last week graduating 4000+ beneficiaries. This is no small feat as the training required passion and diligence from its beneficiaries and the graduands rose to the challenge, exiting the program equipped with skills and prepared for the next level. Congratulations to the DigiGirls 2.0 cohort, we look forward to receiving news of your career advancement.?

Cybersafe Foundation is set to present the newest members of its cybersecurity talent pool in the first edition of the CyberSafe Hiring Summit happening in October. During the hiring summit organizations and recruiters from across the world will be given the opportunity to interview and hire entry-level cybersecurity professionals from the CyberGirls Fellowship and Enugu Cyber Security Learning (ECSL). Are a recruiter/organisation interested in attending the summit? Fill out the registration form here or send a mail to [email protected] for enquiries.?

It is always fun writing to you, and I look forward to doing it again next week as we discuss computer Worms.??

Till then, watch out for juicy looking rotten yams or should I say Trojan horses????

Yours truly,?

Bolatito?