[quags]

There isn't enough info for how the compromise happened and it may not be related to cpanel at all. What I find interesting is in 2017 godaddy bought Sucuri which monitors and cleans up malware, not sure if they still own it - but combining securi and shared hosting makes the most sense. Most of these cpanel hosts (excluding godaddy) are using products like CloudLinux+Imunify360 to better secure sites, clean up malware automatically. Godaddy is already outsourcing their cpanel control panel, it would only make sense to do what others in their space are doing and automatically be adding security products to theirs sites. Like - a c99 shell - would never make it on an imunify360 server it would be immediately detected and disabled.