You need to make sure that your command hash has not been subverted.

Use the hash -r command to clear entries from the command hash.

On execution, bash “remembers” the location of most commands found in the $PATH to speed up subsequent invocations.

If an attacker can trick root or even another user into running a command, they will be able to gain access to data or privileges they shouldn’t have. One way to trick another user into running a malicious program is to poison the hash so that the wrong program may be run.