It depends on how the product was crafted per person.
On some consumer OS versions all you have to do is get under the consumer grade antivirus by not having to use in-the-wild malware that's been found.
That product has to avoid consumer grade antivirus behavior analysis, consumer software firewalls over days and get the data out.
The 'out' part can be just as fun. A waiting consumer computer that looks like any other home computer in an empty home at the end of a city street with rental phone company records to match.
As for Linux
http://www.theguardian.com/tec... (16 September 2014)
http://www.theguardian.com/tec...
has the line "can infect Apple OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Phone devices."
The issue is consumer grade antivirus has to have something to find and report back on. If the software is crafted per person and then removed in a short time, that consumer grade antivirus option will never be a factor.
The other option is just to go for the keyboard or other cell phone input layer on the active cell device. A user can then encrypt, hide IP all they want at a software or higher hardware level but every keystroke is collected.
With a correct password any later software alterations would be part of the next expected, correct Linux checksums. The keyboard logger would not even have to use any internet network, it could just go very short range wireless, avoiding all software/hardware packet sniffers' efforts.