I have multiple sites on the same host and almost daily I find new files like 4am7ritg.php in random directories in wp-content/uploads
Doing a scan does not reveal any issues besides finding these files. It does not seem that a current WP user account has been compromised.
Is there a root cause likely to be behind finding these files?