A website owner contacted us worried about pornographic content showing in Google results for their site. A malicious cron job showed up along with a file named.cache.php, but these didnt appear to be the actual source of the pornographic spam. This particular SEO spam not only created bogus meta-data for the main text link and description, it also changed the sitelink snippets (short descriptions of secondary page content) below the clients initial hyperlinks:. The attacker hopes you will focus on the theme files (i.e.php) and the files in the root of the WordPress install.”]
Source: https://blog.sucuri.net/2016/08/cleaning-hijacked-google-seo-spam-results.html