In AP Cybersecurity, a trojan is malware embedded in other software that seems harmless, so a user willingly installs it. Once running, it can give an adversary access, like a remote access trojan (RAT) that lets them control your device.
A trojan is malware that hides inside software that looks legit. You think you're downloading a photo editor or opening an invoice, but malicious code is riding along inside it. The name comes from the Trojan Horse story for a reason: the danger gets in because you let it in.
This is what makes a trojan different from other malware. It doesn't break in on its own and it doesn't self-spread. It relies on you trusting it and running it. Once it executes, it can do almost anything, including a remote access trojan (RAT), which hands an adversary remote control of your system. The CED ([AP Cybersecurity 4.1.B], EK 4.1.B.2) lists trojans alongside viruses and worms as one of the core malware types, and a RAT is just a trojan whose payload is remote access.
Trojans live in Unit 4: Securing Devices, under Topic 4.1 Device Vulnerabilities and Attacks. They directly support [AP Cybersecurity 4.1.B], where you identify the type of malware used in an attack. Knowing the delivery method is the whole game here. The exam wants you to read a scenario and name the malware, and the giveaway for a trojan is almost always disguise plus user action: someone downloads or opens something that seems safe. This also ties into [AP Cybersecurity 4.1.C] and 4.1.D, because once a trojan or RAT is running, the adversary can turn on a webcam, steal data, or take full control, which is exactly the kind of risk you have to assess.
Keep studying AP Cybersecurity Unit 4
Visual cheatsheet
view galleryRemote Access Trojan (RAT) (Unit 4)
A RAT is just a trojan with a specific job: hand the attacker remote control of your device. If a scenario says software 'secretly grants an adversary remote access,' that's a RAT, which is a flavor of trojan.
Command and Control / C2 (Unit 4)
Once a RAT is in, the attacker needs a way to send it orders. That's command and control. The trojan is the foothold; C2 is the leash the attacker uses to steer it.
Virus and Worm (Unit 4)
All three are malware, but they differ by how they spread. A virus needs you to run a file, a worm spreads on its own with no human help, and a trojan tricks you into installing it by pretending to be something useful.
Anti-malware (Unit 4)
Anti-malware is the defensive counter. It scans downloads and running programs to catch trojans before that 'harmless' app does damage, which is why patching and scanning show up in risk assessment under 4.1.D.
Expect trojans in multiple-choice questions that hand you a scenario and ask you to name the malware. The tell is disguise plus a user action. A released-style practice question describes a user downloading 'a legitimate photo editing application' that then secretly grants remote access, and the answer is a trojan (specifically a RAT). Your job is to separate it from lookalikes: if files get encrypted for payment, that's ransomware; if it spreads with no user opening anything, that's a worm. Read carefully for how the malware got in and whether a user had to act, because that one detail decides your answer.
A trojan needs a human to install it, usually by disguising itself as something useful, while a worm spreads computer to computer all by itself with zero user interaction. If the scenario says malware 'automatically replicates across network systems' without anyone opening a file, it's a worm. If someone downloads or opens something that looked safe, it's a trojan.
A trojan is malware hidden inside software that looks harmless, so the user installs it themselves.
Unlike a worm, a trojan does not self-spread, and unlike a virus, its disguise is the whole point of how it gets in.
A remote access trojan (RAT) is a trojan that gives an adversary remote control of your device.
On the exam, the giveaway for a trojan is disguise plus a user action: someone downloads or opens something that seemed legitimate.
Trojans support [AP Cybersecurity 4.1.B], where you identify the malware type in an attack scenario.
A trojan is malware embedded in other software that seems harmless, so you install it without realizing it's dangerous. The CED lists it as one of the main malware types under [AP Cybersecurity 4.1.B], alongside viruses and worms.
A worm spreads from computer to computer on its own with no human action, while a trojan needs you to install it by tricking you into thinking it's safe. If a question says malware 'replicates automatically across systems,' it's a worm, not a trojan.
Yes, kind of. A remote access trojan (RAT) is a specific type of trojan whose payload gives an attacker remote control of your device. Every RAT is a trojan, but not every trojan is a RAT.
No. A trojan relies on you installing it because it's disguised as something useful. A virus needs a user to execute or open an infected file, and a worm spreads with no user action at all, so the spreading behavior is what separates them.
Look at the goal. A trojan is about sneaking in through disguise, while ransomware encrypts your files and demands payment. If the scenario emphasizes the disguised download and remote access, it's a trojan; if it emphasizes locked files and a ransom demand, it's ransomware.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.