Originally posted by Jakobson
Basically, you could end up with the same situation in other programs, where a third party drops a bypass option in a config file which the original binary naively executes at runtime, resulting in unintentional data revelation.
"Why would anyone bother if they already have root?" you may ask. Persistence of malware presence. The less you have to do to alter the boot chain process, the easier it is to remain undetected. Most of the time malware scanners don't look at insecure defaults in config files; they're looking at binary hashes and other general behavior indicators. For example, almost no scanners will detect Python-based malware.
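The gap the reply above describes, shown as an added example that is not part of this thread and not any real scanner's code: the binary's hash still matches, so a hash-based scanner is satisfied, while a second check that diffs the config against a known-good baseline flags the added hook. The config format, the directive names in EXEC_KEYS and the sample files are all constructed for illustration, not taken from a real program.

```python
import hashlib
import re

# Constructed sample: bytes standing in for the unmodified program binary.
BINARY = b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"not a real executable"
# The hash a scanner would have on file for that binary.
KNOWN_SHA256 = hashlib.sha256(BINARY).hexdigest()

# Constructed sample: known-good config captured at install time (hypothetical format).
BASELINE_CONF = """\
# service.conf
[service]
listen = 127.0.0.1:8080
log_level = info
"""

# Constructed sample: the same file after a third party appended a hook directive.
TAMPERED_CONF = BASELINE_CONF + "post_start_hook = /tmp/.cache/update.sh\n"

# Hypothetical directive names that make the daemon run or load external code at
# start-up. For a real audit this list comes from the program's own documentation.
EXEC_KEYS = {"post_start_hook", "pre_start_hook", "exec", "preload", "plugin_dir"}
# Locations any local user can write to; a value pointing here is suspicious by itself.
WRITABLE_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")

_KV = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*=\s*(.*?)\s*$")


def parse_kv(text):
    """Return {key: value} for 'key = value' lines; sections and comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        m = _KV.match(line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf


def hash_matches(blob, expected_hex):
    """The check most scanners rely on: is the executable still the one we know?"""
    return hashlib.sha256(blob).hexdigest() == expected_hex


def audit_config(baseline_text, current_text):
    """Diff a config against its baseline and describe every addition, change or removal.

    Exec-capable directives and values inside world-writable paths get a sharper
    message; anything else is reported as plain drift so it can still be reviewed.
    """
    base, cur = parse_kv(baseline_text), parse_kv(current_text)
    findings = []
    for key, value in cur.items():
        if base.get(key) == value:
            continue  # unchanged since baseline
        change = "added" if key not in base else f"changed from {base[key]!r}"
        if key in EXEC_KEYS:
            findings.append(f"{key} {change}: exec-capable directive now {value!r}")
        elif value.startswith(WRITABLE_PREFIXES):
            findings.append(f"{key} {change}: points into world-writable path {value!r}")
        else:
            findings.append(f"{key} {change}: drift from baseline, now {value!r}")
    for key in base.keys() - cur.keys():
        findings.append(f"{key} removed: was {base[key]!r}")
    return findings


if __name__ == "__main__":
    # The binary is untouched, so the hash check passes and a hash-only scanner is happy.
    print("binary hash matches:", hash_matches(BINARY, KNOWN_SHA256))
    # The config diff is what actually surfaces the dropped-in hook.
    for finding in audit_config(BASELINE_CONF, TAMPERED_CONF):
        print("config finding:", finding)
```

The baseline has to be captured from a trusted state (package manifest, image build, or first boot) and stored where the same root-level attacker cannot quietly rewrite it, otherwise the diff proves nothing; a signed copy or a copy held off-host is the usual answer.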