The application contains code that appears to be malicious in nature.
Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
The term "Trojan horse" was introduced by Dan Edwards and recorded by
James Anderson  to characterize a particular computer security threat;
it has been redefined many times [4,18-20].
Time of Introduction
Technical Impact: Execute unauthorized code or
In the example below, a malicous developer has injected code to send
credit card numbers to his email address.
Remove the malicious code and start an effort to ensure that no more
malicious code exists. This may require a detailed review of all code,
as it is possible to hide a serious attack in only one or two lines of
code. These lines may be located almost anywhere in an application and
may have been intentionally obfuscated by the attacker.