L.S.
Inherent when vulnerable javascript is being used on PHP-driven CMS,
sometimes such potential insecurity could lead to malcode like crypto-PHP-malware.
See this way to remove such malware:
https://github.com/shieldfy/CryptoPHP-malware-removal/blob/master/cryptophp_removal.phpInfo credits for these github contributions go to "netcode" -> shieldfy seems left since 2014,
which is quite long in the digital time-frame as we know it,
Maybe some remover here may put this contribution to a good purpose
I just link to it for what it is worth,
Damian aka polonus