Hackers have all kinds of ways to infiltrate servers and access files unauthorized. If you find PHP code with a suspect source, it’s worthwhile to investigate it further and in great detail. Hackers frequently employ a method called obfuscation to hide their malicious code in plain sight. The best preliminary way to begin evaluating the code is to highlight everything differently so the unusual code, such as string declarations and concatenations, begin to stand out. Once those are identified, use echo to follow the suspect functions down their rabbit hole.
For example, for a suspect ‘$ItemName’, add ‘echo $ItemName’ and note its revealed function. Continue following the breadcrumbs with an echo function, even if the result is a huge mass of concatenations, until you reach the heart of the infiltration. This will reveal the depth of hack and confirm the malicious activity without executing it.