Warning GMC suspensions due to Malicious software asaplabs

Solved

Warning GMC suspensions due to Malicious software asaplabs

EmmanuelFlossie
Shopify Partner
3350 255 805

I am receiving a lot of clients that are getting suspended due to Malicious software starting yesterday.

 

They seem to be using an app (which one I don't know yet) that is sourcing from asaplabs

 

Not sure if its anything to do with ASAPLab (different URL)

 

When checking several clients the subdomain URLs are all different such as

geo.s.asaplabs.

ym.s.asaplabs

 

Which redirects to an unrelated website URL.

 

I recommend a Shopify staff member look into this, as it is definitely a phishing attempt.

 

For anyone else reading this, please contact Shopify Support.

 

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
Accepted Solutions (3)

EvanG1
Visitor
2 1 2

This is an accepted solution.

There was an app on our store called Yandex that we weren't using but must have been installed a few years ago.

 

This morning it appeared to be inserting a line of code into the head that is redirecting some traffic to an asaplabs domain so I have deleted it.

 

I would recommend anybody else with the Yandex app do the same.

View solution in original post

RQ__Web_Design_
Shopify Partner
20 1 8

This is an accepted solution.

Hi everyone,

 

We were also having the same issue and contacted Shopify support. They were able to look in the backend of our store and told us the culprit was an app called "Geo Targeting - Notify pop-ups". We deleted it and the script from asaplabs was gone after that.

These were the details shared by the Shopify rep:

  • It seems like it is coming from a third party app - in your case, it is coming from the "Geo Targeting - Notify pop-ups" app. It is suggested that you remove it and revoke any access they have.
  • When we search on the back end through installed apps on the store, this one has "asaplabs" in the script URL
  • Only we have access to this back end, it's like a "profile" of all stores.

 

Since only Shopify can see the scripts of all apps installed I would suggest anyone facing this issue goes to the chat and ask for their assistance.

Hope this helps!

View solution in original post

shawnastm
Tourist
3 1 1

This is an accepted solution.

Go to one of your disapproved pages and type before the url "cache:"

That will show you the DATE of the page cache Google is ACTUALLY scanning. Our problem was the same, we removed the code but Google kept disapproving them saying the code was still there even though by manual review it was NOT. The issue is Google uses OLD CACHED pages with their fancy scanner thing on their end and the code will still be present from a couple weeks ago. It's just going to take time for Google to re-cache and check new versions of your website. It took us 2-3 very frustrating weeks. We reached out at least 5 times a day, made them aware of the cache issue, trying to get them to refresh things on their end... but we simply had to wait it out.

View solution in original post

Replies 33 (33)

EvanG1
Visitor
2 1 2

This is an accepted solution.

There was an app on our store called Yandex that we weren't using but must have been installed a few years ago.

 

This morning it appeared to be inserting a line of code into the head that is redirecting some traffic to an asaplabs domain so I have deleted it.

 

I would recommend anybody else with the Yandex app do the same.

James-Does-PPC
Shopify Partner
8 0 0

Hi @EmmanuelFlossie ,

 

Did you find a resolution for your issues? Was it the Yandex app too? We don't have that app but we're seeing the same issues pop-up.

 

My Malwarebytes browser guard is popping up with an error, citing the asaplabs domain as an issue;

 

Capture.PNG

 

Shopify support are telling us to speak to Google ads (regarding ad disapprovals caused by their flag for 'malicious content') and saying Google are having a lot of 'false flags' at the moment - That doesn't really hold water though as my browser guard (which has nothing to do with Google) is flagging the clients site for containing a trojan!

 

Cheers!

James-Does-PPC
Shopify Partner
8 0 0

Update: We found the culprit app for ours, it was pop up app used to notify international users of being on the wrong site. Doesn't seem like it was isolated to the Yandex app.

EmmanuelFlossie
Shopify Partner
3350 255 805

I have not looked into the clients account, I just found it very suspicious I got a lot of emails in one day about the same issue. Which signals a global issue.

 

When I first looked at it, the subdomain was geo, which I thought was related to a GEO app, but the second subdomain does not make sense.

 

It is entirely possible several apps have been hacked, not just one.

 

And yes, this is not a Google issue, I'm using bitdefender that is detecting the issue, which has nothing to do with Google.

 

And the URL itself is redirecting, which should not be the case if it was a real app.

 

Shopify needs to look at this deeper.

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.

RQ__Web_Design_
Shopify Partner
20 1 8

This is an accepted solution.

Hi everyone,

 

We were also having the same issue and contacted Shopify support. They were able to look in the backend of our store and told us the culprit was an app called "Geo Targeting - Notify pop-ups". We deleted it and the script from asaplabs was gone after that.

These were the details shared by the Shopify rep:

  • It seems like it is coming from a third party app - in your case, it is coming from the "Geo Targeting - Notify pop-ups" app. It is suggested that you remove it and revoke any access they have.
  • When we search on the back end through installed apps on the store, this one has "asaplabs" in the script URL
  • Only we have access to this back end, it's like a "profile" of all stores.

 

Since only Shopify can see the scripts of all apps installed I would suggest anyone facing this issue goes to the chat and ask for their assistance.

Hope this helps!

EvanG1
Visitor
2 1 2

It looks like "Geo Targeting - Notify pop-ups" had the same developer (Simtech Development Ltd.) as the Yandex app that was causing us problems:

 

https://www.delightchat.io/apps/geo-targeting

https://www.delightchat.io/apps/yandex-metrica

 

There is one other app I've found a record of being developed by Simtech called "Custom JavaScript & jQuery" which I would assume also could be affected:

 

https://www.delightchat.io/apps/custom-js

James-Does-PPC
Shopify Partner
8 0 0

Thanks for the info @EvanG1.

 

We've removed the geotargeting app from the site now, and I'm no longer getting the flags from my browser guard. Unfortunately Google doesn't agree the issue is resolved and our ads are still suspended 😞

EmmanuelFlossie
Shopify Partner
3350 255 805

Great work @EvanG1 

 

@James-Does-PPC Google unfortunately uses website caches to verify Malicious Software. Which means you need to wait until the cache in Google are cleared of the old plugin.

 

Yes this is annoying. Please note I am aware of this process only for Google Ads, I do not know if this is the same for Google Merchant Center.

 

You can check when a page is cache by adding cache: in front of your URL.

 

For example

 

cache:https://feedarmy.com/kb/asaplabs-io-suspended-shopify-account-due-to-malicious-software-in-google-me...

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
James-Does-PPC
Shopify Partner
8 0 0

Hey @EmmanuelFlossie,

 

Thanks for the insight - That's interesting to know.

 

Strangely, when I use the URL for the site in question the cache note gives a different site as a response.. 

 

If it helps with your merchant centre question, our product feed didn't go down at the same time. Only the text ads.

EmmanuelFlossie
Shopify Partner
3350 255 805

That might be from the app, because what I noticed was that the app redirects sites. Hence why you get a different cache.

 

Just double check you didn't use my website 😄

 

first navigate to your product landing page (any)

 

Then type cache:

 

Infront. If it does the same, than you need to wait a few days until the cache is back to normal.

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
James-Does-PPC
Shopify Partner
8 0 0

Interesting, I wonder if that is where the app was redirecting to. I have scanned the site it was going to using a 3rd party tool and it came up clean.

 

Yes I did use our site, rather than yours (appreciate the check though, you never know!)

 

Any experience with how often the pages are crawled?

EmmanuelFlossie
Shopify Partner
3350 255 805

Crawl rates are increased or decreased by Google dependent on the volume of traffic you get. The more popular your website is, the higher the crawl rate.

 

But I don't know too much about crawl rates, so I recommend you have a look here: https://support.google.com/webmasters/answer/48620?hl=en

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
James-Does-PPC
Shopify Partner
8 0 0

Thanks @EmmanuelFlossie ,

 

I've spoken with Google ads support and they have sent me a link report.

 

The report is from the crawl yesterday, and the links in the report don't contain the asaplabs URL (they mostly look very spammy).

 

I assume they are the ones dynamically being inserted by the compromised apps.

 

They have advised 3-4 days for a re-crawl, although I suspect this is a generic answer.

Armyan
Shopify Partner
2 0 0

hey James, I have got the exact same issue. Deleted the yandex metrica app, even changed the theme but still being flagged by G ads. Did you find a way to resolve the issue?

 

EmmanuelFlossie
Shopify Partner
3350 255 805

@Armyan You need to wait until Google's Cache is cleared for all pages.

 

you can view the date of your cache of any page by pretending the word cache: in your browser address bar

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
Gift-o-the-Jab
Navigator
370 24 98

I don't suppose resubmitting the sitemap can help to speed up the caching?

ttsatsos
Shopify Partner
1 0 0

Does anyone know what the damage is in terms of potential breached data as a result of this allegedly malicious software?

Nick_Hartnack
Tourist
7 0 6

You've solved!! So did weE Once we deleted it problem solved. Many thanks!!

zyla999
Shopify Partner
15 0 6

Thank you for posting this.  I spent 2 days trying to find a solution to this problem.  My Google Search Console was showing me a lot of pages with soft 404 and it was growing every week.

Deleting "Geo Targeting - Notify pop-ups" did the trick for me.  The app was disabled but still present. I remember disabling it because it was causing other problems for me.

Thanks again.

James-Does-PPC
Shopify Partner
8 0 0

Hello all,

 

This issue has reared its head again for us today.

 

We're currently investigating the cause, perhaps more apps have been compromised.

shawnastm
Tourist
3 1 1

We have also been battling with Google Ads since mid June 2022, malicious content and soft 404. We had the Yandex app installed and removed the app and also removed any scripting associated with it manually from the theme. Yandex and asaplabs and some related apps have been compromised. However, once we removed the code, Google still was denying our ads. Google on their end, needs to clear their cache! That's right. If you take an example page of your website that is being flagged, type in cache:https://xxyourwebsitelinkxx and take a look at the google cache date. The deleted code may still be present in their scanning and they HAVE to refresh their cache or they will still be detecting the code!

James-Does-PPC
Shopify Partner
8 0 0

Looks like this may have been an error on our end, looks like one of the compromised apps was still on our US sub-domain.

AdamSTM
Tourist
4 0 0

What does this mean exactly? 

EmmanuelFlossie
Shopify Partner
3350 255 805

@AdamSTM are you suspended from Google Ads due to Malicious Software?

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
AdamSTM
Tourist
4 0 0

Currently yes. We belive we fixed the issue on our end however google is also scanning cached website pages from may... any insight? 

EmmanuelFlossie
Shopify Partner
3350 255 805

You need to wait until the cache is refreshed.

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
AdamSTM
Tourist
4 0 0

The last refresh was may... any way to have them push it through? Also in the reply from ShawnaSTM we have located at least 1 app for sure that is inserting the code. 

EmmanuelFlossie
Shopify Partner
3350 255 805

Crawl rates are defined by website popularity, the more traffic you get, the higher your crawl rate is. Here is more info: https://support.google.com/webmasters/answer/48620?hl=en

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.
AdamSTM
Tourist
4 0 0

Ok, well due to the redirects we got hit with soft 404s which in turn google unindexed most of our site. As of a few weeks ago we were the top results for almost every single keyword/Search term we were working with. So this is resulting in lower traffic which in turn means they will crawl our site slower? Talk about kicking someone while they are down. 

dannyrouse
Visitor
1 0 0

We're having the same issue. Our google ads all got declined back at the beginning of June. We removed the offending app (in our case it was "Geo Targeting - Notify pop-ups") resubmitted the ads and the got approved. However, from 1st July the ads all got declined again and we just can not get them approved again. We've checked the code and all trace of the app has been removed.... 

Anyone had a solution to this?

shawnastm
Tourist
3 1 1

This is an accepted solution.

Go to one of your disapproved pages and type before the url "cache:"

That will show you the DATE of the page cache Google is ACTUALLY scanning. Our problem was the same, we removed the code but Google kept disapproving them saying the code was still there even though by manual review it was NOT. The issue is Google uses OLD CACHED pages with their fancy scanner thing on their end and the code will still be present from a couple weeks ago. It's just going to take time for Google to re-cache and check new versions of your website. It took us 2-3 very frustrating weeks. We reached out at least 5 times a day, made them aware of the cache issue, trying to get them to refresh things on their end... but we simply had to wait it out.

EmmanuelFlossie
Shopify Partner
3350 255 805

As sad as @shawnastm experience is, this is the only way. The more traffic your website has, the faster the re-caching is. So merchants with not much traffic will have to wait longer.

Get in touch with Emmanuel: a Google Shopping Specialist, Google Ads Diamond Product Expert, and also a a Google Product Expert Education 2021 & Tailwind 2023 Award winner.
Need Google Merchant Center or Google Shopping support?.

Nick_Hartnack
Tourist
7 0 6

Hi there
Firstly thanks for this, because it was doing my head in (354 pages all with Soft 404's!!) but thanks to this page I have solved the issue. I had the Geo Locator Pop Up app and even though it wasn't active (it was). Once I deleted it on the Apps page, I went back to Google Search Console and Voila!! Google could access the pages.