One of our IT users made a snapshot of our Moodle login page with image on top as shown in the attach picture. We have 6000+ users and our Moodle is being accessed almost 24x7. So far, none of our user reported seeing this. When I checked the site, there is no such image.
We are running Moodle 3.1x on Essential theme.
I am clueless if there were potential hacking. If it does, where and how it could possibly being done.
FYI, I have scanned the login.php, index.php file and no indication that the file has been modified recently. It is also unlikely a prank as it is coming from our parent company IT department.
Anyone who have any idea, kindly assist.
Thanks in advance.