I had a lot of trouble with this as it kept coming back despite all the efforts and scans with several tools.
I have created a cron job in cpanel as a workaround to detect and delete monit.php from all of your WP installations.
Note: Obviously this is NOT a proactive solution, so using strict security measures is necessary on top of this.
find . -type f -name “monit.php” -exec echo {} \; -exec stat {} \; -exec rm -f {} \; | mailx -E -s “monit.php threat deleted” YOUR_EMAIL_ADDRESS
https://forraskod.blogspot.com/2020/08/monitphp-malware.html
