Malware infections are spreading in WordPress that cleverly disguise themselves as common programs.
Characteristics of Malware
Malware up to now has been obfuscated and is a single line of code that is instantly recognizable as malware.
However, this malware, which has been spreading recently, is often named RandomString.js.php and has the following code. (This is a screenshot, so it is safe.)
The above type of malware is not easily recognizable as malware at a glance, and is very cleverly made to look like general programming, with multiple lines, randomly changing comment content, and randomly changing code even though the functionality remains the same. This makes malware detection difficult with pattern matching and makes it a difficult type of malware to find even visually.
*But a closer look at the code reveals that the code and comments do not match at all.
return $linkcheck . '.' . $v_header_list; // There must exist an expired lock, clear it and re-gain it.
Also, this malware can be placed anywhere on the server.
How to find and remove the malware?
We try to detect this type of malware as much as possible with the latest malware detection patterns of the [Free] WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal].
As new patterns are discovered, we are constantly registering new patterns to improve our detection.