Dear DavidR and polonus,
thank you for your replies. I looks like that the most dangerous thing is the chimpstatic js script which is part of the MailChip integration. But then every site that uses MailChimp should be flagged as infected as well.
Regards!