I received an email from CERT Australia specifiying:
"the national computer emergency response team (CERT), has received information indicating that your website has been compromised by the malicious 'Stealrat' remote access trojan (RAT). Websites compromised by Stealrat typically contain malicious PHP files that have been installed on the web server. Further information about Stealrat can be found by searching for "stealrat botnet".
Please note that simply removing the malicious PHP files will not make your website secure. There is a security weakness with the site that was exploited in order to install the malicious files, and this weakness must be remediated to prevent future compromises.
The malicious Stealrat files that have been identified on your site are listed below:
/ modules / mod_jevents_cal / tmpl / default / global.php"
It was jEvents v3.1.12 that was installed when this attack happened.
The jEvents on this infected website is now up to date and clean.
I was just letting you know to tighten the security of this module. Thank you for providing the module.