Which leads us to the other change. Command de-obfuscation techniques can be as simple as replacing the eval() method with print() causing the script to spit out it's inner workings in a more readable manner. Some malicious code is starting to overload the print() method with the malcode author's own code (and who wants to execute that code?) Potentially this would be capable of doing anything, the Fortinet example shows a somewhat deadly combination of ls and rm to give an analyst a bad day.
Similar analysis over at InfoSanity with additional links to further sources for those wanting to look at this in more depth, my primary question though is: Is this something people are commonly seeing the wild?