We propose a Hardware Trojan (HT) attack for analog circuits with its key characteristic being that it cannot be prevented or detected in the analog domain. The HT attack works in the context of Systems-on-Chip (SoCs) comprising both digital and analog Intellectual Property (IP) blocks. The attacker could be either the SoC integrator or the foundry. More specifically, the HT trigger is placed inside a dense digital IP block where it can be effectively hidden, whereas the HT payload is in the form of a digital pattern transported via the test bus or generated within the test bus, reaching the Design-for-Test (DfT) or programmability interface of the victim analog IP with the test bus. The HT payload unexpectedly activates the DfT and sets the victim analog IP into some possibly partial and undocumented test mode or changes the nominal programmability. The HT payload can be designed to result in performance degradation or complete malfunction, i.e., denial of service. We demonstrate this HT attack scenario on two analog IPs, namely a low-dropout (LDO) regulator using simulation and an RF receiver using hardware measurements.