Just got this hack today. WordPress 4.9.2. Keymaster username was changed to monkey, password changed also. Email address wasn’t changed, so I could log in through the WP password reset function (just enter your email address…and the email you get tells you your new username, and you reset that password.) I can’t see anything else malicious.
Through cpanel->PhPMyAdmin, searching “monkey”, it shows up in the wp_users table — edit the table for your keymaster account back to your username. That’s all there is to it.
Now how it got hacked/changed is another question.
