As one commenter on the site points out, this is not a backdoor in any meaningful sense of the word, because it still has to be snuck onto the machine. Malware, yes. Backdoor, no.
With the help of LD_PRELOAD, Symbiote will load before any other shared objects. That allows the malware to tamper with other library files loaded for an application. The image below shows a summary of all of the malware’s evasion techniques.
if you could run an app to compare your network traffic with what your router or switch shows that would be a dead giveaway, but also would require tools that I’m not sure exist right now
So what can you do about it? Tripwire checksumming your whole system is probably a good countermeasure, but if you’re already infiltrated, you’re probably fucked. As with all rootkits.
One of the comments from under the arsetechnica article mentions possibility of corporate espionage…I’m inclined to believe that, but obviously that’s pure speculation.
uuuuh
