Comment by dathinab

> The developer machine was compromised in a deeper level (rootkit?)

Unlikely that would not have taken 3 month.

> The developer installs a particular application in each Linux box

Possible, but also unlikely, as long as the vm wasn't used for other things this also wouldn't have taken 3 month.

> The developer installs a particular application in each Linux box

There probably is, but it probably has nothing to do with this exploit. For the same reasons as mentioned above.

My guess is that it was a targeted attack against that developer and there is a good chance the first attack and the second attack used different attack vectors hence the 3 month gap.