Various black hat SEO tricks that make injected spammy links indistinguishable from regular text. Since the links are technically not invisible this helps avoid flagging for hidden links. At the same time, it's easy to miss such links inside articles since they don't visually stand out from the rest text (unless you read very carefully).
Usually hackers mask the injected links by adding the text-decoration: none style to them.
Any web sites. The main targets are WordPress and Joomla sites, where hackers inject links inside posts in CMS' database.