To what extent is a GUI modifable with low effort, assuming superuser access? [on hold]

Supposing that through an exploit you get superuser access to a machine and that you want to modify running applications in subtle ways with least effort, to what extent is a GUI modifiable?

An example would be modifying a button click to do something you want instead of its default behavior. Another example would be putting an extra button which says “log in using your bank account” and takes your credentials.

I specified “low effort” because of course you can create another application which looks just like the original one except for your changes, but that’s high effort.

I know that the web is quite vulnerable to such modifications (if the user installs a rogue browser extension — that’d be the “superuser access” equivalent in that world), and I’d like to know to what extent is software GUI vulnerable.