The use of the word “backdoor” is odd.
From what I gather, this is a rootkit. Upstream systemd doesn’t have this code.
“Backdoor” is a common term within the AV industry to refer to (unwanted) software that receives command and control from another system. A “rootkit” is software that hides itself from various listings, such as by manipulating kernel structures or inline hooking userland APIs. So, in antivirus lingo, this article describes a backdoor and not a rootkit.
The malware masquerades as systemd by using that term in its filenames. I don’t see any indication that it is distributed with systemd (what you’d call a supply chain compromise).
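The reply above draws the distinction that the malware only borrows the systemd name in its filenames rather than hiding itself. That is exactly the kind of thing a defender can check for: a process whose name carries the “systemd” term but whose executable does not live where the distribution installs systemd. The following is an added example, not code from the thread or from any project it mentions. The allowlist of directories is an assumption for illustration (adjust it to the host's real layout), and the sample process table is constructed, not observed data.

```python
import os
from pathlib import Path

# Directories where distribution-packaged systemd binaries are normally installed.
# ASSUMPTION of this example: adjust to the actual layout of the host being checked.
LEGIT_SYSTEMD_DIRS = (
    "/usr/lib/systemd/",
    "/lib/systemd/",
    "/usr/bin/",
    "/bin/",
    "/usr/sbin/",
    "/sbin/",
)


def is_suspicious(comm: str, exe: str) -> bool:
    """Return True when the process name borrows the 'systemd' term but its
    executable does not resolve into one of the expected directories.

    An empty exe (unreadable link: permission denied or a kernel thread) is
    flagged so a reviewer looks at it rather than silently passing it."""
    if "systemd" not in comm.lower():
        return False
    if not exe:
        return True
    # /proc/<pid>/exe carries a " (deleted)" suffix when the binary was unlinked
    # after launch; keep the suffix so that case still fails the prefix check.
    return not any(exe.startswith(d) for d in LEGIT_SYSTEMD_DIRS)


def find_masqueraders(processes):
    """processes: iterable of (pid, comm, exe) tuples. Returns the flagged ones."""
    return [(pid, comm, exe) for pid, comm, exe in processes if is_suspicious(comm, exe)]


def read_proc():
    """Collect (pid, comm, exe) triples from /proc on a live Linux host.
    Note that /proc/<pid>/comm is truncated by the kernel to 15 characters."""
    out = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            comm = Path(f"/proc/{entry}/comm").read_text().strip()
        except OSError:
            continue  # process exited between listdir and read
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
        except OSError:
            exe = ""  # no permission or kernel thread
        out.append((int(entry), comm, exe))
    return out


# Constructed sample process table (not real observations).
SAMPLE = [
    (1, "systemd", "/usr/lib/systemd/systemd"),
    (412, "systemd-journal", "/usr/lib/systemd/systemd-journald"),
    (8873, "systemd-helper", "/tmp/.x/systemd-helper"),  # constructed masquerader
    (9001, "bash", "/usr/bin/bash"),
]

if __name__ == "__main__":
    # Run over the constructed sample; swap in read_proc() on a real host.
    for pid, comm, exe in find_masqueraders(SAMPLE):
        print(f"pid {pid}: name '{comm}' but executable at {exe!r}")
```

The check is deliberately simple: it catches name-borrowing, which is what the thread describes, and it will not catch a genuine rootkit that hides its process from /proc listings altogether. Running `read_proc()` as root gives a complete view; as an unprivileged user the exe links of other users' processes come back empty and are flagged for manual review.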