Hackers are injecting Malware in WordPress websites. It is called as Deceptive Site or Social Engineering Content attack. Google take it seriously and shows your website visitors the Red Page warning to not use your website.
Also, Google Penalize Rankings for these websites which is nearly impossible to get back later.
I personally suggest every wordpress user to use WordPress security Plugin for Deceptive Site & Social Engineering Content before Any website gets penalized and business is ruined by hackers.
There is only 1 WordPress Plugin at the moment that is dealing with Deceptive & Social Engineering Content. It runs scan ever hour to keep our website safe from Injected code/files.
Just in case you want to safeguard Your business from Those Hackers please use this Security plugin as a precaution right away.
WP Security Plugin for Deceptive Site — https://dobadu.com/product/Wordpress-plugin-for-deceptive-site-social-engineering/