In computer security, a computer program with an apparently or actually useful function that contains additional(hidden) functions that surreptitiously exploit the legitimate authorizations of the invoking process to the detriment of security.