I just got this notice from our host:
We recently completed a routine security checkup of our servers and platforms. Our scans flagged your xxxxxx.xxx hosting accounts as containing possible malware.
Please sign in to your hosting account and review the following content and remove or fix the files listed below:
public_html/care/wp-content/plugins/better-wp-security/core/lib/itsec-zxcvbn-php/matchers/ranked_frequency_list-passwords.json
Is this really malware or have servers been incorrectly identifying it as malware?