What is trojan horse malware, and how harmful is it to your Mac?

Dawna Roberts

Feb 29, 20247 min read

What is trojan horse malware, and how harmful is it to your Mac? Header image

Malware is the buzzword of the day. We hear it in reference to many different types of online attacks, and almost everyone has at least some idea of what it is — and has possibly seen it in action. One of the cleverest types of malware is the trojan horse.

Keep reading this guide to learn all about the history and evolution of trojan horse malware, including examples, types of trojans, and how to detect and remove them. 

What is trojan horse malware?

“Trojan horse malware” is a blanket term for many different types of malicious software. A piece of malware qualifies as a trojan horse when the program pretends to be something it isn’t. In reality, the software is an attack in disguise. 

Historical context and the evolution of trojan malware

The term “Trojan horse” stems from Ancient Greek history. According to legend, during the Trojan War, the Greek strategist Odysseus devised a plan to get his people into the city of Troy undetected. The Greeks wheeled a giant horse to the city’s gates and left. Trojan soldiers, believing it was a sign of defeat and surrender, brought the horse into the city. In reality, Odysseus and his men were hiding inside. This clever tactic allowed the Greeks to launch a sneak attack by night, seize control of the city, and win the war. 

The term “trojan horse” has since been adopted in the cybersecurity community to describe any program that uses deceit or social engineering to trick the user into installing it onto their device, essentially letting it in the door. 

Is a trojan a virus?

No. Trojans are not viruses, nor are they worms. Rather, the term refers to a category of attacks that can do many different things. In short, a piece of malware is classified as a trojan due to how it functions. 

An image of a recreation of the famous Trojan horse.
Image by Pexels

Examples of trojan attacks

For as long as computers have existed, hackers have been devising ways to attack networks and devices. The idea is not novel, but the execution and style can be. Some examples of trojan attacks include the following. 


In 1975, cybercriminals launched one of the first trojan attacks using a simple game called ANIMAL. As the user played, the program quietly copied itself to other parts of the network. This early version didn’t do much damage; it was more of a prank than anything else.

AIDS trojan

In 1989, subscribers to PC Business World magazine and a World Health Organization AIDS list received floppy disks containing the AIDS trojan, the first recorded ransomware. It locked the user’s files after 90 days and demanded $189 for the key. 


By 1990, hackers had grown bold and used another simple game, Whack-a-Mole, to entice users to download what was really a copy of NetBus, a remote controller for Windows. It provided remote access, meaning the criminal could do just about anything to the user’s computer. 

How computer trojans work

As stated above, computer trojans are designed to look like something else in order to gain the user’s trust. In some cases, games laced with malicious software entice the user into installing them onto their device. Once installed, the malware may start working immediately, or it could be on a delayed timer to start its mischief later.

Just like the original Trojan horse, computer trojans can only cause trouble after the user opens the metaphorical door. In other words, trojans require user interaction, at least in the beginning.

Common delivery methods of trojan malware

Trojan malware may be delivered through various methods. Some examples are:

  • Phishing emails
  • SMS text messages with links
  • Games laced with malware
  • Social media posts
  • Fake ads
  • Malicious websites
  • Free files/downloads
  • Apps
A screenshot of a trojan malware delivery method.
iCloud is a trademark of Apple Inc.

Types of trojan horse malware

Below are some of the different kinds of trojan horse malware.

Downloader trojan

This type of trojan, once installed, downloads additional types of malware to the infected device to do even more damage.

Backdoor trojans

A backdoor trojan provides an unlocked door in the system so a hacker can gain remote access anytime. A backdoor is very dangerous, allowing the attacker to do anything they want to your computer.


Spyware is another damaging type of trojan attack that spies on your activities. It can collect keystrokes, passwords, and login credentials, which are then used to steal your identity or money.

DDoS Attack

A distributed denial-of-service (DDoS) attack is designed to overwhelm the device or network with an overload of activity. Once disabled, the network or device becomes more vulnerable and easier to take over.


A rootkit trojan is a master of disguise. A rootkit’s primary function is to provide access to normally off-limits areas of software, and hiding a rootkit in a trojan helps ensure that no one discovers the malware on the machine. 

Banking trojans

Banking trojans target users’ bank credentials and logins. The attackers aim to use your collected information to gain access to your financial accounts and drain them. 


Like backdoor trojans, remote access trojans (RATs) provide remote access to a machine or network. 


As the name suggests, this type of malware steals information and files, usually for financial gain or fraud. 

Other common trojan variants

Along with the malware listed above, you may come across other variants of trojans such as spy trojans, SMS trojans, ransom trojans, IM trojans, exploit trojans, mailfinder trojans, and SUNBURST trojans that do many nefarious things.

How to detect a trojan infection

The whole idea of trojans is to keep something undetectable to the user. However, some signs that your system may be infected with a trojan include slow performance, unusual activity, or changes in your system settings. Identity theft could be another indication.

Here’s what to do if you suspect your Mac may be infected:

  1. Boot your computer into Safe Mode.
  2. Check the Activity Monitor to see what is running and using resources.
  3. Use malware protection software to run a deep scan. If the software finds anything, it should be able to clean it off.
  4. Clear out any temporary files.
  5. Clear your cache. 
  6. Restore files from a backup if needed.

The significant impact of trojan attacks

A trojan can drastically impact your device. Due to the sly nature of these beasts, they can spread quickly across networks and among devices, doing even more damage. Many of them steal information to gain access to accounts.

How to get rid of a trojan on Mac

You can easily remove a trojan on your Mac by using CleanMyMac powered by Moonlock Engine. Just follow these steps:

  1. Open CleanMyMac X.
  2. On the left side menu, choose Malware Removal.
  3. Click Start Scan
  4. Wait for the scan to complete. It may take a few minutes.
  5. Click Review Details to see what was found and removed.
A screenshot showing how to clean trojan malware using CleanMyMac X.

Removing a trojan on iPhone

If you believe you have a trojan on your iPhone, follow the steps below to remove it.

  1. Restart your iPhone.
  2. Update your iOS if not updated already.
  3. Clear Safari’s browsing history and browsing data.
  4. Look for any suspicious apps that you did not install and remove them.
  5. Perform a factory reset on your iPhone and restore it from a safe backup.

Best practices for avoiding trojan horse infections

It’s said that an ounce of prevention is worth a pound of cure, and cybersecurity is no exception. Some best practices for preventing trojan infections include the following.

Phishing and smishing are some of the ways hackers get you to download unsafe software. Never click links in emails or SMS messages sent from someone you don’t know.

Keep systems updated

Always update your hardware and software with the latest security patches.

Turn off macros

Turn off macros in Excel and Word. This may not seem like an obvious tip, but criminals can use macros to download malicious software to your machine.

Avoid downloading anything from unsafe sources

Never download email attachments from unknown senders, and never download free software from unsafe sources. If you find something online that seems too good to be true, it’s probably laced with malware.

Turn on 2FA or MFA

Turn on 2-factor authentication or multi-factor authentication on all your accounts for an added layer of security. 

Keep good backups

Always back up your data so you have a safe copy to restore your device if you get infected.

Trojan horses continue to be an effective tool used by cybercriminals. Thankfully, Moonlock keeps a close eye on emerging threats to inform and warn consumers so they can protect themselves.

Trojan horse attacks are clever and difficult to detect. The best way to stay safe from these particular threats is to follow the cybersecurity best practices listed in this article and always err on the side of safety. 

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac and iPhone are trademarks of Apple Inc.

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.