Because of all that happened recently, let me be quick 🙂
Various soft present to automatically add text within webpages on compromised websites.
Those chain of samples for recent attack I followed 🙂
Hacker intrude on poorly configured website: thru software flaw, poor configuration or stolen credentials.
Software (shell) uploaded to remotely manage such website, link written in database of compromised websites.
Bundle of websites sent a command to add to each (or specific, default for example) page malicious code: