We found very old and hidden WordPress cookie, which named wp_cookie. This allows an attacker to run anything on the compromised user website with user permissions.
wp_cookie
This is a very clever attack method that allows arbitrary commands to run on a server with ignoring any server security software, just like normal PHP code.
Also, this have been a very long time hidden, we found that the timestamp on files is 2014: then.
That’s why we don’t publish source code, but we recommended scan server, PHP files our ClamAV Signatures to detect this malware and clean up.
Final words
Use Malware Expert – Signatures detect this malware from files for FREE!
Websites that using Malware Expert – ModSecurity rules are protected against this attacks.