I don't think anyone bothers to backdoor a shell in that way. Why not just target libc via LD? That tricks bash, sh, python, etc; but you can use setuid to check for the existence of malware that is evading through LD_PRELOAD.