Wordfence to the rescue

“During a routine check of our servers, we detected malware in your account “”:

Malware Signatures:
#1 SUSP_GIF_Anomalies [author=”Florian Roth (Nextron Systems)”]
#2 WEBSHELL_PHP_OBFUSC_3 [author=”Arnim Rupp (”]
#3 Sanesecurity.Phishing.Cur.252.UNOFFICIAL

Important notes about this list:
The part marked with # after the file name refers by number to the matching malware signatures further down the list. Some malicious code may also have been injected into your website’s regular files. The list is not necessarily complete and also may contain false positive results.

These files appear to have been injected through the administrative backend of your WordPress installation.”