The scenario describes a program that appears legitimate (a software update installer that “functions normally”) while secretly placing additional malicious components onto the system, which later execute to establish remote access. That is the defining behavior of a dropper. A dropper’s primary role is to deliver (drop) malware payloads onto a host—writing files to disk or unpacking embedded components—often while disguising itself as a benign application. The malicious components may then be executed immediately or staged for later activation to reduce suspicion and increase persistence.

This differs from a downloader, which typically contains minimal payload and focuses on contacting a remote server to fetch malware after initial execution. In this case, the description emphasizes that “additional malware components are silently placed on the system,” implying the payload is being installed/deposited locally by the initial program rather than primarily downloaded. An injector focuses on injecting code into another running process (process injection) to evade detection or run under another process context; it does not inherently describe the act of placing additional components as separate hidden files. A wrapper is a technique where a malicious program is bound or “wrapped” with a legitimate one so that both run; while wrappers can be used in trojanized installers, the question emphasizes the behind-the-scenes placement of additional components for later activation, which is the classic dropper behavior.

The key indicators are: (1) user executes an installer that appears normal, (2) hidden malware components are deposited without the user’s knowledge, and (3) those components later activate for remote access. That chain matches a dropper’s purpose: stealthy malware delivery and staging.

Therefore, the correct answer is D. Dropper.