I had the same issue! On one of my clients' sites I found and removed the file in question. It was here:
There may be other files on the account that have been compromised so it's important to audit the entire account. Actually it would be a good idea to delete that plugin and if necessary, reinstall it from a new copy.
So basically it is due to the recent W3 Total Cache update! Secure your site whenever you can with all the plugins you can!
Here are 2 more articles on the topic:
Read this - https://premium.wpmudev.org/forums/topic/security-plugins-over-and-above-bulletproof-security it may help prevent any hacking attacks in the future....
1. Make sure your wp-config.php has 750 or 600 permissions; if needed, change the permissions through your FTP software. Files should be set to 644 and folders to 755 or 750.
2. Use a WP backup plugin like xCloner or WPdatabase
3. Do not use "admin" as a username! This will make a hacker's life muuuuch easier!
4. Use a security plugin like https://wordpress.org/extend/plugins/secure-wordpress/
5. Scan your theme files for potentially malicious or unwanted code by using this useful WordPress plugin - https://wordpress.org/extend/plugins/tac/installation/
6. Use a strong password. Go to your cPanel and... you know where to click to generate one! :-)
7. For your advanced protection, you can use:
- WP Security Scan;
- WordPress Exploit Scanner;
- WordPress File Monitor;
- Login Lockdown plugin
These plugins are great for WP protection:
- https://wordpress.org/extend/plugins/wp-security-scan/
- https://wordpress.org/extend/plugins/update-notifications/
- https://wordpress.org/extend/plugins/wordfence/
Use .htaccess to protect your wp-config.php file! You can use this code:
<Files wp-config.php>
deny from all
</Files>
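
The permission values from step 6, checked across a whole WordPress tree, as an added example that is not part of the original post. The function names, the `--demo` flag and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the modes listed in step 6.
# Function names, the --demo flag and the demo tree are constructed here.

# Print one line per path whose mode differs from the post's values:
#   wp-config.php -> 600 or 750; other files -> 644; folders -> 755 or 750
audit_wp_perms() {
    local root=$1
    find "$root" -type f -name wp-config.php ! -perm 600 ! -perm 750 \
        -exec printf 'CONFIG %s\n' {} +
    find "$root" -type f ! -name wp-config.php ! -perm 644 \
        -exec printf 'FILE %s\n' {} +
    find "$root" -type d ! -perm 755 ! -perm 750 \
        -exec printf 'DIR %s\n' {} +
}

# Build a small constructed tree with three deliberate deviations
# and print its path.
make_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins"
    touch "$root/wp-config.php" "$root/index.php" "$root/wp-content/uploads/x.php"
    chmod 755 "$root" "$root/wp-content" "$root/wp-content/plugins"
    chmod 644 "$root/index.php"
    chmod 644 "$root/wp-config.php"             # deviation: not 600 or 750
    chmod 777 "$root/wp-content/uploads"        # deviation: world-writable folder
    chmod 666 "$root/wp-content/uploads/x.php"  # deviation: world-writable file
    printf '%s\n' "$root"
}

# Usage: script.sh /path/to/wordpress   or   script.sh --demo
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--demo" ]; then
        demo_root=$(make_demo_tree)
        audit_wp_perms "$demo_root"
        rm -rf "$demo_root"
    else
        audit_wp_perms "$1"
    fi
fi
```

Each output line is a path to review, not proof of compromise; a clean run prints nothing.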