They’re likely referring to a remote access trojan (malware) which likely shares many features of whatever administrative tool the IT team uses at that company.

Is there a fundamental difference between a remote administration tool and a remote access trojan?

Seems like roughly the same difference between a malware keylogger and say, X11. They both intercept all your keystrokes, but you wanted the latter one to do so and didn't want the former.

("But I didn't want the remote admin tool on my computer!" It's not your computer, it's the company's computer. And they wanted it there.)