
Pardon me if it's a stupid question, but a backdoor to what? I don't really understand what it's about. In my mind a backdoor is hidden feature built into another _useful_ piece of software.

Is this "just a backdoor"? Like, its sole purpose is to give remote access / exfiltrate information? If so, how does it end up on systems? What is the vector?



The term "backdoor" kind of has two commonly used but somewhat different meanings: an embedded backdoor and an access backdoor. (Or perhaps "application backdoor" vs. "system backdoor".)

The first meaning is what you describe: something malicious stealthily implanted into an otherwise-legitimate or thought-to-be-legitimate application or appliance.

The other meaning covers any method of secret access persistence on a compromised system (generally a host, like a server). This could be something like a bash script that launches a reverse shell when you login, a malicious kernel module that extracts and executes arbitrary C code if a specific pattern is detected in network traffic, or just about anything imaginable. And you could also achieve it with the former definition.

I think among the infosec community, it's indeed more common for "backdoor" to refer to the former and a general term like "persistence" / "persistence mechanism" (though that can potentially refer to anything malicious that persists), or sub-categories like "foothold", to refer to the latter. "Backdoor" for the latter wouldn't be a misuse, though.

There's also a possible looser third definition, where lazy / fearmongering anti-virus companies sometimes like to label almost any kind of malware a "backdoor" or "backdoor trojan", perhaps because that carries more frightening implications for end users than a term like "virus" or "malware". It somewhat overlaps with the second definition, but I think it's rare a technical person would use it that way; it's less rare that a technical person might use the second definition.


This is what you drop on a system after it's compromised for use later, it's a RAT.

It gets there via some kind of compromise, either an insecure application, some drive-by exploit for some missing patch, owning a sysadmin and pushing it out via ansible/salt/etc.


Got it thanks!


it's a virus. lol. there are many ways to get them onto systems. file download site, typosquatted apt/pip package names, buying/hacking a download mirror website, 0-day browser exploits, etc.


err, no it's not a virus, it seems it has no ability to reproduce on its own.


I'm loving the differences between the word "virus" in the computer and biology sense.


I think the comparison is quite apt actually - a software virus requires a host (system) to reproduce, just as a meat-space virus does.


I think the computer term for the thing that most resembles how a meatspace virus behaves and propagates is "worm". Most worms can probably be classified as viruses, but most viruses nowadays (thankfully) aren't worms. (It can also generally refer to anything that's malicious and recursively self-propagating, like Samy's infamous Myspace XSS worm [1].)

Meatspace viruses are like computer worms, though computer viruses and computer worms aren't like meatspace worms; for that and a laundry list of other reasons, "malware" has superseded a lot of those terms among the infosec community.

[1] https://en.wikipedia.org/wiki/Samy_(computer_worm)


> I think the computer term for the thing that most resembles how a meatspace virus behaves and propagates is "worm".

A computer virus self propagates with human intervention. A worm self propagates without human intervention.

I think the biological item that most closely resembles a worm would be a parasite that is self-mobile. E.g. a botfly.

Various computer viruses in the past propagated through floppy drives and infected floppies, but you were safe as long as you didn't initiate the action that caused the infection (use the floppy in your computer). Also, you can get a virus by visiting a website, which is also initiated by the uninfected.

Worms used infected host resources to actively seek out and infect other hosts without any initiating action by those other hosts.

In this way, meatspace viruses are NOT like computer worms. They don't cause their hosts to seek out people to infect. Infection is either coincidental or requires some allowance by the candidate (close contact, use of shared resources, etc).


That's true. Biological viruses are kind of in between computer viruses and computer worms.

I still think a worm is a decent analogy, though. For example, the first thing a worm will often do is scan the local network and try to infect each "living host" it finds in its vicinity. In some sense it can be seen as having some kind of willpower or intention, but it's a little more like a blind, unthinking process of trying to constantly fire itself in all directions, not unlike how a virus is unthinkingly regularly emitting itself into the air around it to infect those in its vicinity.



