Looks similar to a search redirect. You’ll see the results when all of your search results go to someplace else.
Lots of ways for it to get in there. But, fix the htaccess. Get a standard one from WP here: https://wordpress.org/support/article/htaccess/.
Then, you should change all credentials: hosting, ftp, database, MySQL, and WP admin credentials. Look for unknown WP admin accounts (and extra FTP accounts). Check you wp-settings.php and wp-config.php. Look at the index file to ensure no extra code. Look at all files (via your hosting File Manager) to ensure no extra code. Look for hidden ICO files that contain code. Look at the wp-posts and wp-options tables for extra records that contain just numbers/characters.
Cleanup is hard – my process is here https://www.securitydawg.com/recovering-from-a-hacked-wordpress-site/ . But even then that process is not perfect. I’ve got one client with a shared hosting and multiple WP and non-WP sites that keeps getting reinfected. And I’ve done all of the above stuff. Still haven’t figured out where it’s coming from.