To clarify, when does this run? Like you download malware A, run malware A and this function definition changes sudo for it, or sudo for other cases?
This could for instance be injected into your .bashrc when you do an "npm install" of a package that has a deeply nested supply chain attack.
Then the next time you run sudo, phase2 triggers installing a rootkit, etc.
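
A defensive check for the scenario discussed in this thread, added here as an example and not part of any commenter's post: it scans shell startup files for lines that define `sudo` as a function or alias. The function names, the regex and the sample file are constructed for illustration, and the check only catches plain definitions at the start of a line.

```shell
#!/usr/bin/env bash
# Added example: flag startup-file lines that redefine `sudo` as a shell
# function or alias, which the shell resolves before the real binary on PATH.

# Matches, at the start of a line (leading whitespace allowed):
#   sudo() { ...   function sudo { ...   function sudo() { ...   alias sudo=...
SUDO_SHADOW_RE='^[[:space:]]*(function[[:space:]]+sudo[[:space:]]*(\(|\{|$)|sudo[[:space:]]*\([[:space:]]*\)|alias[[:space:]]+sudo=)'

# scan_sudo_shadow FILE...
# Prints file:line:text for every match. Returns 0 if anything matched, 1 if not.
# Usage: scan_sudo_shadow ~/.bashrc ~/.bash_profile ~/.profile ~/.zshrc
scan_sudo_shadow() {
    found=1
    for rc in "$@"; do
        [ -r "$rc" ] || continue          # skip files that do not exist
        if grep -HnE "$SUDO_SHADOW_RE" "$rc"; then
            found=0
        fi
    done
    return "$found"
}

# count_sudo_shadow FILE... : number of matching lines across all files.
count_sudo_shadow() {
    scan_sudo_shadow "$@" | wc -l | tr -d ' '
}

# write_sample_rc PATH : writes a constructed sample rc file (not from a real
# incident) containing one shadowing function and two harmless look-alikes.
write_sample_rc() {
    cat > "$1" <<'EOF'
# ~/.bashrc (constructed sample)
export EDITOR=vim
alias ll='ls -l'
sudo() {
    echo "placeholder for injected logic"
    command sudo "$@"
}
alias sudoedit='sudo -e'
EOF
}
```

In an interactive bash session, `type -a sudo` shows the same thing for the live shell: a shadowed `sudo` is listed as a function or alias ahead of the path to the binary.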