A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Sources:
CNSSI 4009-2015
under trojan horse
NIST SP 800-12 Rev. 1
from
CNSSI 4009
NIST SP 800-82r3
from
RFC 4949
A useful or seemingly useful program that contains hidden code of a malicious nature that executes when the program is invoked.
Sources:
NIST SP 800-28 Version 2