This post will be updated as time goes on but let's start. With Wordpress when plugins are vulnerable and the issues become public it can take minutes for sites to become infected. It's a sad thing about Wordpress being so large.
A good idea is to disable any plugins you don't use and make sure they are not a cause before messing around with the files that control the look of your site, but if you are unable to find it in any widget blocks or plugins getting disabled are not solving your problems you will want to SFTP in and check files manually.
Here are some files to manually check:
- header.php: Current Theme header file
- footer.php: Current theme footer file
You are looking for hard linked JS scripts usually with a URL you don't know. If you are unsure view the JS in a online preview tool https://codebeautify.org/source-code-viewer to view the source without opening the file.