Opencart 2.0 hacked

Hello,
I am sharing hosting space with a friend of mine. We both use Opencart 2.0.1.1. Last week I had some strange pop up whenever I went to use my admin panel asking for billing information (see attached image). Last night it was brought to my attention that his site is getting the same pop up when a user goes to view a category. I have done some discovery with Fiddler but can not really come up with anything substantial. If anyone has any ideas we both would greatly appreciate the input.

Thanks in advance!

What Ideas, by just by looking at an image ?
Ernie

A few things you could to do if you haven't already.

Change your hosting passwords including all FTP accounts that may have been created.
Change the OpenCart database user password (remember to update the two config.php files with the new password).
Check the files or your server have not been modified or new files added by comparing against a clean download of your version of OpenCart and any modifications.
Check your database for any injected code.
Lookup through your servers web access log for anything suspicious that may help you find where they are getting in.
Check the OpenCart error logs for anything suspicious.
Check for any additional admin accounts (and maybe name from the default of "admin" or better still create a new admin account and give full permission and then delete the default account).
Check your database can only be accessed from the relevant IP addresses.
Switch off displaying of errors in OpenCart on on your hosting (this has to be done in the admin and the config files in version 3).

I've seen sites attacked through week or stolen FTP passwords, vulnerabilities in extensions, ect.