What type of malware disguises itself as legitimate software to trick users into installing it?

Correct answer: Trojan

Option D is correct because a Trojan horse is malware that disguises itself as a legitimate or useful program to deceive users into voluntarily installing it, after which it performs malicious actions such as opening a backdoor, stealing data, or downloading additional payloads. Option A is incorrect because a worm is self-replicating malware that spreads across networks without user interaction and without needing to masquerade as a legitimate application. Option B is incorrect because a rootkit is designed to hide its presence and maintain privileged access to a system; while it may be delivered by other malware, it does not inherently disguise itself as a legitimate program to trick installation. Option C is incorrect because ransomware encrypts victim files and demands payment for decryption; although ransomware can be delivered via social engineering, the defining characteristic of ransomware is encryption and extortion, not disguising itself as legitimate software.