The most common payloads delivered via Baget were AsyncRAT and NanoCore, turning victims’ machines into zombies for credential theft, keylogging, and ransomware staging.
The patch removes the unsafe argument handling: pkexec now validates argument count before any out-of-bounds write.
Patch commit: Polkit Git 7e3526d baget exploit 2021
Some threat actors named their specific implementation or pack of tools "BAGET." Public exploit code is often simply named cve-2021-4034.c. The most common payloads delivered via Baget were