From a research i made hackers have been targeting websites with inadequate security to implement cryptojacking. The websites have been affected with a malicious code due to a vulnerability in an outdated version of Drupal.
Coinhive injected via the same Javascript library (jquery.once.js?v=1.2).

Every website that is affected should upgrade their Drupal version asap.