One of the first Trojan horses to become widely known was also the first ransomware seen in the wild – the “AIDS Trojan of 1989”. This malicious code was distributed via postal mail on floppy disks that purported to contain an interactive database associated with the disease AIDS. If installed, the program waited 90 boot cycles and then encrypted most of the filenames in the root directory of the machine. The “licencing agreement” of the software demanded that the victims send $189 or $378 to a post office box in Panama to get their data back.
The notorious spyware FinFisher (also called FinSpy) is another example of a Trojan virus. It is known for its extensive spying capabilities, including misuse of webcams and microphones, keylogging, and the ability to exfiltrate files. It is marketed by its developers as a law enforcement tool, but it is believed to have been used by oppressive regimes as well. To hide its true purpose, FinFisher uses various disguises. In one of its campaigns discovered by ESET, it posed as an installer for popular and legitimate programs such as browsers and media players. It has also been distributed via emails with fake attachments or fake software updates.
However, Trojan horse viruses are not a threat exclusive to desktops or laptops. A lot of today’s mobile (and especially Android) malware also belongs to this category. DoubleLocker was an innovative ransomware family disguised as an Adobe Flash Player update. It infiltrated the mobile device by abusing Android’s Accessibility services, encrypted its data, and locked its screen with a random PIN code. Subsequently, the attacker demanded a payment in Bitcoin to unlock the device and data.