It appears through some method not clear to us at this stage, a malware kit has been inserted, something like Sweet Orange. It's possible it's because the code base underneath has been
It manifests itself in appending a <script> section to the webpage (after the closing </html> tag). But it doesn't always do it, it's either random or some more sophisticated algorithm.I can't find it anywhere in .php files so I suspect it's either encrypted or stored in the database as part of template. I think it's out of our level of expertise, wondering if anyone here has some advise or could offer some assistance?