
This malware drops its malicious payload as a zip file that is stored in its own body. Hiding the code this way makes it less likely that an unaware website owner will notice it, which lengthens the malware's lifespan.
The archive may contain any other type of malware, such as a backdoor, a hacktool or spam content. It is extracted using attached zip routines and can be used by the attacker for further actions.

Severity

HIGH

Affecting

This malicious code affects any vulnerable or compromised website that is configured to interpret the script language.

Cleanup

Inspect your site's files, especially theme-related ones, for code you don't recognize. Look for any encoded or obfuscated PHP code.
Also, you can sign up with us and let our team remove the malware for you.
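
One way to automate the check for encoded code described above, as an added example that is not part of the original signature page: it finds quoted base64 literals in PHP source that decode to a zip archive and lists the archive's members without extracting them. It assumes the payload is a base64 string literal, as the dump below suggests; the function names and the sample PHP are constructed for illustration.

```python
import base64
import binascii
import io
import re
import zipfile

# Quoted PHP string literal holding 40 or more base64 characters.
B64_LITERAL = re.compile(r"""(["'])([A-Za-z0-9+/]{40,}={0,2})\1""")
# PHP calls that write data to disk, as file_put_contents does in the dump.
WRITE_CALL = re.compile(r"\b(?:file_put_contents|fwrite|fputs)\s*\(")
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a zip archive


def find_embedded_zips(php_source):
    """Return one finding per base64 literal that decodes to a zip archive."""
    findings = []
    for match in B64_LITERAL.finditer(php_source):
        try:
            decoded = base64.b64decode(match.group(2), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, so not the pattern we look for
        if not decoded.startswith(ZIP_MAGIC):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(decoded)).namelist()
        except zipfile.BadZipFile:
            members = []  # zip header present but archive truncated or damaged
        findings.append({
            "line": php_source.count("\n", 0, match.start()) + 1,
            "size": len(decoded),
            "members": members,
            "writes_file": bool(WRITE_CALL.search(php_source)),
        })
    return findings


def constructed_sample():
    """Build a harmless PHP snippet shaped like the dump (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("example/placeholder.txt", "constructed test content")
    blob = base64.b64encode(buf.getvalue()).decode("ascii")
    return '<?php\n$data = base64_decode("%s");\nfile_put_contents("out.zip",$data);\n' % blob


if __name__ == "__main__":
    for finding in find_embedded_zips(constructed_sample()):
        print(finding)
```

A finding with "writes_file" set and a non-empty member list is a strong reason to review the file by hand; an empty member list means the literal starts like a zip but could not be parsed.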

Dump

...AAEAIAAAAH0yAABkb2kvdGVtcGxhdGVzLzE2LnR4dFBLAQIUABQAAAAIAPYLY0mpSbv5QgIAAN0DAAAUAAAAAAAAAAEAIAAAADc1AABkb2kvdGVtcGxhdGVzLzE3LnR4dFBLAQIUABQAAAAIAMoMY0ltcfT6bQMAABYHAAAUAAAAAAAAAAEAIAAAAKs3AABkb2kvdGVtcGxhdGVzLzE4LnR4dFBLAQIUABQAAAAIABANY0m3SCPf7wIAAA0GAAAUAAAAAAAAAAEAIAAAAEo7AABkb2kvdGVtcGxhdGVzLzE5LnR4dFBLAQIUABQAAAAIAIgNY0mldTCTagIAABcFAAAUAAAAAAAAAAEAIAAAAGs+AABkb2kvdGVtcGxhdGVzLzIwLnR4dFBLBQYAAAAAEQARAC0EAAAHQQAAAAA=");
file_put_contents("doi.zip",$data);