Your website got hacked most likely,
You should reinstall the websites files as some might be affected and the virus will return eventually,
Do this by deleting all the wordpress files except wp-config.php, .htaccess, rbotos.txt, ads.txt & wp-content folder,
Then replace the folders from a fresh wordpress installation, you'll need to double check the above files/folders manually as well,
Reinstall the theme & plugins & replace all of their folders with fresh updated versions,
You might want to remove all the uncessary plugins or probably some that has been added by the hackers to easily reinject the website,
Next, check the website users as you might have ton of spammy new users added to the website,
delete all of them & change the other users passwords as well,
Then, you'll need to install wordfence to scan all the remaining files in the wp-content folder as some might be infected as well,
normally this is better to be done manually, usually the injected files do have a bigger size so they're easier to spot, take your time and fix all of them,
Even then, sadly the website will still struggle in the SERPs especially with the recent G updates and you might have a long period where the website is doomed,
So, if you don't have much data added to the website, you might want to start over with a new domain with a fresh installation & redirect the old domain to it