possible infection in "Modules.php" file

[Kali-Gula]

Hello, I would like to ask if in your source code there is a file called "Modules.php" A colleague tells me that on his website, passing wordfence, a path appears: "wp-content / mu-plugins / nue / vendor / bacon / bacon-qr-code / Modules.php" detected as malware.

I have downloaded your .zip and I don't see that it has that file. This installation is normal in mu-plugins / nue

Thansk

[DASPRiD]

BQC v1 had a Module.php, but no Modules.php: https://github.com/Bacon/BaconQrCode/blob/1.0.3/Module.php

[Kali-Gula]

Ok, I'll delete the file then. Do you want me to send you a .zip with the infected plugin for you to review? I say it because it goes like your name and developer. Thanks

[DASPRiD]

You could put the source code in a gist and link it here, sure.

[Kali-Gula]

I don't know how to do it. If you explain maybe

[DASPRiD]

Just go to https://gist.github.com/, there you can paste the source of that file.

[Kali-Gula]

vendor.zip I don't know if it's ok here

[DASPRiD]

Yeah, that's definitely malware.

[Kali-Gula]

OK, THANKS its inside "wp-content/mu-plugins". Called "nue"... Can you know where it comes from ? or how install it ? nue.zip Do you think I can DELETE all the mu-plugin directory if I don't use it.

[DASPRiD]

I have no idea.

[Kali-Gula]

OK, Really THANKS ! ;)