Perhaps you accidentally downloaded the file using a browser?
This topic might even be a good template for a FAQ where we explain script kiddies vs sophisticated attackers and off-the-shelf malware vs tailored malware. Or perhaps we just improve the malware chapter?
It’s unlikely the result of a compromise. Any slightly skilled attacker would not leave such obvious traces. Long time ago I educated myself on malware building toolkits, they were not even remotely as obviously detectable as this. You can verify that by learning about off-the-shelf malware building toolkits. It is certainly dangerous to install (sadly only if you do not know what you are doing) and use such software, but researching textual, screenshots and video tutorials should be safe.
It is more likely, that rootkit technology is already a standard feature of malware build toolkits. Can someone share more knowledge on this topic? Are there any (linux) open source malware builder tools?
The only thing that might have happened is an attacker wanting you to find something. But how likely is that? It occurs to me, because script kiddies do stuff like remote controlling random Windows user victims and then troll them opening a forced chat window, opening their dvd driver and other stuff. But for linux, I don’t know if that kind of script kiddie stuff even exists. And sophisticated attackers would avoid, unless perhaps Zersetzung is their strategy.