The product appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.
Best practices to prevent this CWE
Phase: Operation
Most antivirus software scans for Trojan Horses.
Phase: Installation
Verify the integrity of the product that is being installed.