Malicious code injection - Header / footer - config.inc.php

[zion]

Hello everyone, I want to share a problem that we have had, we have managed to solve it but we still do not know why it has occurred.

Versions:
· Prestashop 1.7.6.9
· Theme Warehouse 4.3.4 + Child

Problem:
· Malicious code injection in header or footer (depending on active caches)

Measures taken:
· Create a copy of the web for testing
· Disable overrides and modules
· Disable child theme and theme (warehouse)
· Check with the module 1 click update the modified files
· Check these files one by one until find the modification
· Remove the modification that injects code

Affected file:
· The affected file was "config.inc.php", at the bottom of the file:

We would be very grateful if someone helps us or gives us a clue as to why this could have happened and how to avoid it, thank you.