Virus, be careful

this plugin has been installed without desire and usually in trip or last time quadruplicate.
how do i stop the infiltration?
thx.
bill

My 10 websites were hacked by this plugin.

Suddenly WordPress login was changed to admin

and all plugins were deactivated and in the plugins folder, I see this plugin but it called random letters erfsdf/malware codes.

Does anyone know how this happening?

Please help.

This is a big problem. Somehow this plugin is installed on several of my sites also.

Got hacked – this plugin was added to my install. I’m on Inmotion hosting. These were my plugins at time of hack:

My plugins at the time of hack:
– Admin Columns
– Advanced Custom Fields
– Classic Editor
– Custom Post Type UI
– Divi Accessibility
– Duplicator
– Imsanity
– Post Types Order
– Really Simple SSL
– Spotlight – Social Media Feeds
– Wordfence
– Yoast SEO

A client of mine has the same issue. I did a scan with WordFence and Sucuri and both didn’t find anything.

The only plugins in common with Brian are WordFence and Yoast.

Other than that the plugins installed are:

Antispam Bee
Avada Builder
Avada Core
BackupBuddy
Contact Form 7
Events Shortcodes and Templates Addon
Green Popups (formerly Layerd Popups)
Mailster – Email Newsletter Plugin for WordPress
ManageWP – Worker
Paytium
The Events Calendar
Ultimate GDPR & CCPA
WordFence Security
WP Reset Pro
Yoast SEO

Did anyone solve this or found the culprit?

A client’s website was hacked overnight and this plugin installed.

The only plugin my client has in common with those above is Wordfence and that had been made harmless because they had changed something in the Wordfence directory which caused it not to load correctly.

The main admin had been changed to Anonymous Fox.

I solved it in the end by overwriting all plugins with new files.