Much like the wooden horse of Greek mythology, a trojan is designed to be deceptive. They are usually carefully crafted to appear attractive or trustworthy. Many will even use the exact same colors, icons, designs and texts of legitimate programs to appear authentic.
Trojans first and foremost rely on trickery or social engineering to lure users into unwittingly downloading or installing it. The authors of these trojans will often go to great lengths to make them look authentic, often disguising them as movie or music files, documents, games, product updates and so on.
Trojans are distributed in many ways — via websites, emails, through social media or file sharing networks, and even on removable media such as USB sticks. Their distribution also usually involve some sort of deception, such as promising a video or image if you click on a link, but then delivering the trojan instead.
Some trojans rely less on trickery and more on direct exploitation. These often target vulnerabilities in a program or device to forcibly download and install the trojan. These are just a few examples of how trojans are disguised and distributed:
If a trojan is installed onto a system, it is often very difficult for users to realize they are performing any harmful actions, as these are usually well camouflaged to keep the system from triggering any notification messages that might arouse the user's suspicions.
Most antivirus vendors will classify a trojan based on the specific type of action it silently performs. These are just a few of the types:
It can be very hard to tell the difference between a trojan and a legitimate program from just a cursory glance. This is why the recommended way to obtain programs is to download them yourselves from the the legitimate vendor's website, rather than from other, less reputable sources. You can also use reputable antimalware programs with a website security verification feature (such as Browsing Protection) to verify that the site itself is safe before downloading files from it.
If you receive an unknown file unexpectedly, even from a trusted contact, you can always ask the contact separately to confirm that the file is safe, just in case they had been unknowingly infected. You should also scan any new file or program before you run it with a reputable antimalware program (though you should first ensure that the antimalware program has the latest database updates).
One advantage mobile devices enjoy over their computer counterparts is that before any program can be installed, a notification message is displayed. The user has to manually click ‘OK' before the file can be installed, which prevents a trojan from silently installing other harmful files on the device. User vigilance however is still strongly recommended.