Which Trojan type is described as downloading additional malware from the Internet onto the compromised host?

A downloader Trojan is built to fetch and install more payloads from remote servers after it has infected a system. This staged approach lets attackers update or add new capabilities without needing a new infection, by pulling additional malware over the Internet and placing it on the compromised host. The defining behavior is actively retrieving supplementary malware post-infection, rather than just delivering a single payload or injecting code into another process. A dropper focuses on delivering a payload and evading detection, not necessarily downloading additional components after the initial infection. An injector hides malicious code inside legitimate processes, and Malicious Code is too generic to describe the delivery method. So the behavior described—downloading extra malware from the Internet onto the compromised host—best fits the downloader.