Numerous sites are affected already by for.dontkinhooot[.]tw & lovegreenpencils malware, directing users to:
This contamination affects PHP files, JS files, wp_posts tables, site URLs.
If you recently noticed new email accounts created or suspicious FTP accounts, your hosting account is probably affected by anonymousfox hack.
Attackers exploit web files via WordPress and later edit .contactemail file, which helps them to re-gain cPanel access.
In order to sort this issue, there are several steps to take: