You need to make sure that your command hash has not been subverted.
Use the hash -r command to clear entries from the command hash.
On execution, bash “remembers” the location of most commands found in the $PATH to speed up subsequent invocations.
If an attacker can trick root or even another user into running a command, they will be able to gain access to data or privileges they shouldn’t have.
One way to trick another user into running a malicious program is to poison the hash so that the
wrong program may be run.