” Once root access has been obtained, a rootkit known as
“phalanx2” is installed.“Phalanx2 appears to be a derivative of an older rootkit named
“phalanx”. Phalanx2 and the support scripts within the rootkit, are
configured to systematically steal SSH keys from the compromised
system.”