Shopify Store got redirected by a Malicious website.

NGS
Shopify Partner
3 0 2

And we thought shopify was SAFE.

We are currently facing an issue where our website gets redirected to an external webpage for new user. This webpage is usually the same website that seems like malware, and not a legitimate website.

Our store is www.netgearstore.in and www.netgearstore.sg

We have noticed this happening just a day ago, and have not made any theme edits or new app downloads in the past few months, so we're sure it's probably not related to a new dodgy app.

This redirect occurs for first-time visitors, likely linked to cookies, because if you refresh or re-visit our stores, the redirect doesn't occur. The redirect takes place again if you use incognito mode.

(Upon landing on the homepage, it will be redirected to gladiator.io. Sublinks do not seem to have this issue)

Would appreciate if any shopify expert or community member could help us resolve this. My understanding is that apps and app developers are vetted and checked for malicious code.

Replies 9 (9)

tim
Shopify Expert
3318 248 1196

Saw it once and then it stopped, checked in incognito and on cell-connected phone. Did you do anything?

Seen similar problem once -- malicious code was in product description pulled from a different site.

If my post is helpful, consider liking it -- it will help others with similar problem to find a solution.
NGS
Shopify Partner
3 0 2

Hi Tim,

We have managed to find the source of the issue.

Apparently, some apps that we have installed previously are not fully removed from the backend code itself. Its a filter app by "Searchit", which have been removed from the app store not long back.

tim
Shopify Expert
3318 248 1196

Oh cool.

Thanks for sharing!

If my post is helpful, consider liking it -- it will help others with similar problem to find a solution.
rgdaretochange
Visitor
1 0 0

Hello I hope you get this message. We have a very similar issue. Can you please confirm how you resolved it? Upon entering our website www.rgdaretochange.shop from Google or directly is redirects to a completely unrelated website. Confirm please: Was it re-installing then uninstalling the apps again? Please confirm when you have a moment. Thank you.

Shay
Shopify Staff
2831 442 577

Hi @rgdaretochange 

 

I reviewed the site url you provided but was unable to replicate the issue you were experiencing. Were you able to get this resolved? If not, I would recommend reaching out to our live support for additional help with tracking down the issue. 

 

To contact our live support please follow this link: Shopify Help Center - Contact Support, sign into your store account, search for your issue and use the contact support button at the bottom of the search results to see all our live support options. 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

DaniellaGMN
Visitor
1 0 0

Hi Shay, 

I reach out because my online store has been infected with malware and half of the products redirect to some shady website (http://ww62.jsclou.in/). I have detected malicious HTML code on some of the product's descriptions and I eliminated them. Apparently after doing that the malicious links are no longer working. Do I have to do something else, beyond erasing all those code lines? And why does this happen? Isn't Shopify protected against this kind of malware?

 

Thank you!

Shay
Shopify Staff
2831 442 577

Hi @DaniellaGMN 

 

I am very sorry to hear about this! The only way theme code could be added to your store, malicious or not, is if an app or staff account on your store has been compromised.

 

Please reach out to our live support immediately to report this (if you have not already) to ensure that your account is secured and the injected code can be traced. 

 

To access our live support, please follow this link: Shopify Help Center. Next, you will want to follow the on screen prompts to sign in, choose your topic and issue and at the bottom of the help articles provided will be all available live support options. 

 

 

Steps to Secure Your Account 

 

*To be completed by anyone with access to your store.*

 

  1. Your accounts may be vulnerable if your devices, browser, operating system, or apps are out-of-date, we recommend keeping your devices updated to protect your accounts.
  2. Update the password for your email account login and enable any additional security features that your email service provider offers, like Two-Step Authentication also known as Two-Factor Authentication.
  3. Follow government guides to protect your identity and sensitive information.
  4. Delete any personally identifiable documents or verification details shared via email. This can include photos of ID, credit card details, and other similar items (any items uploaded with our Secure Upload tool are encrypted).

Secure Your Logins

 

  1. Navigate to your Shopify ID Settings, please make sure that you are using a strong and unique password.
  2. Enable two-step authentication with your Shopify login for extra security.
  3. Review your Shopify ID for Suspicious Login History and logout any devices that you do not recognise and let me know about them.

Payments and Finances

  1. If you are using Shopify Payments for your payouts, verify that the correct bank account is connected for your payouts and if the bank account connected is not recognised let us know immediately.
  2. Check the Accepted Payments section within Shopify Payments settings and make sure that only the major payment methods you would like to accept are selected.
  3. Check all third-party gateway integrations to verify that the correct accounts are connected and setup as expected - for example PayPal Express checkout.
  4. Review your Billing Settings.

 

Orders

 

  1. Review any orders that may appear suspicious and reach out to the customer to verify that the order is legitimate and/or cancel and refund suspicious looking orders to prevent chargebacks.
  2. Review your Draft Orders. If you locate any draft orders that were created without your authorisation, please go ahead and delete them.

 

 Settings

 

  1. Review and update your Staff or Collaborator Accounts and their permissions.
  2. Review your shop's Activity Log for any unrecognised changes.
  3. Review your store's Settings including: Store Details, Checkout, Shipping and Delivery, Sales Channels, Domains, Notifications, and Files.
  4. Navigate to the Apps section of your store's admin and check that the apps in the list of installed apps were added to your store with your authorisation.
  5. Review the Custom apps section to ensure any apps there are recognised.
  6. Review your shop's Discounts under Discount Codes and Automatic Discounts.

 

Shay | Social Care @ Shopify 
 - Was my reply helpful? Click Like to let me know! 
 - Was your question answered? Mark it as an Accepted Solution
 - To learn more visit the Shopify Help Center or the Shopify Blog

NGS
Shopify Partner
3 0 2

This happened quite some time back, I might not remember clearly what are the steps to resolve the issue.

 

Re-installing the app may or may not work. The reason why I'm saying this is because you won't be able to tell if the issue occurred is due to your current app or app that you have tried before but un-installed (Some app does not remove their code fully from your store even after un-installing)

 

We have attempted several ways to get a fix to it.

 

  1. Remove the app 1 by 1 to see if the current app is causing this issue.
  2. Look into your store's code and see if they have malicious coding. Likely the malicious code is found under homepage-related sources. For our case, I guess we got lucky to find the root of this issue with the help of the "inspect" function in the Google Chrome browser for our store page.

 

Hope this helps.

APG-David
Explorer
62 4 20

Another "Defensive Tool" you can use to protect your site is to make and keep regular backups of your theme. ESPECIALLY after any major changes to your code, or addition of new apps. This has saved us a couple of times now when things went terribly bad on our website. We just pitched the corrupted theme, shut down any apps uploaded since the last update..  and then went live with an previously saved version.