The rootkit-like tool was found by Yahoo’s internal security testing team during one of their checkups, according to a source.

“They assumed it was a rootkit installed by hackers,” an ex-Yahoo employee, who requested anonymity to discuss sensitive issues, told Motherboard. “If it was just a slight modification to the spam and child pornography filters, the security team wouldn‘t have noticed and freaked out.”