stats.js virus

hello hosting send many times for all our website this alert:

Dear Customer,

we have detected the presence of some malicious files that compromise your sites.
These files have probably been uploaded through vulnerabilities in the CMS, themes or plugins it uses. Therefore it is advisable to delete the malicious files (by checking them), update the CMS / themes / plugins to the latest versions available online and change the administrative access passwords to the CMS itself.

N.B. There are two possible types of malicious files detected:
1 – files with the wording “Moved to quarantine”: they are certainly malicious files to which public access is inhibited and which you can consult in the “Security” -> “Quatantena Malware” section of your cPanel;
2 – files that do NOT have the wording “Moved to quarantine”: they are files that the scan considers possible threats, but which can also be false positives and therefore functional files for the activity of your CMS / site / application. These are not moved to quarantine, but we still recommend checking the code in these files, to eventually clear them from code not entered by you.

This is the list of domains with the details of the files detected.

Domain: rrnailshop.it

File modification date (and detection description)
2021-03-15 08:14:23
/home2/nvrrnail/public_html/wp-content/plugins/seo-by-rank-math/includes/modules/analytics/assets/js/stats.js
YARA.SP_31_20180830_php_xor_function.UNOFFICIAL FOUND