https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
ESET researchers discovered a set of previously undocumented Linux malware families based on OpenSSH. In the white paper, “The Dark Side of the ForSSHe”, they release analysis of 21 malware families to improve the prevention, detection and remediation of such threats
[...] Something that wasn’t originally discussed in the Operation Windigo paper, but that ESET researchers have talked about at conferences, is how those attackers try to detect other OpenSSH backdoors prior to deploying their own (Ebury). They use a Perl script they have developed that contains more than 40 signatures for different backdoors.
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
(Score: 2) by digitalaudiorock on Friday December 14 2018, @09:40PM
What threw me about that is that the very fact that the malware got installed seems to imply that you've already been rooted right? The manner in which that happened seems to be the big concern to me.