Yes, that looks like a typical hack. You’ll want to:
1. Delete the plugin (and any other infected plugin), and upload a fresh copy.
2. Change all passwords (WP, hosting, FTP etc..)
3. Make sure everything is up to date.
4. Make sure none of your plugins are super old/haven’t been updated in years.
It could also be hosting if you’re on shared hosting. One of the issues with shared hosting is someone else on your server could be hacked, which can give hackers a way into your site as well.