Help identifying were malicious script is loaded from in my source - "some-app"

afbs2023 · ‎05-30-2025

Hello,

My google ads got taken down by google, they were dissaproved, because of Malicious content in my site since 19 May. They say it's loading external spam websites.

After some investigations, I found out that this script is injected through "{{ content_for_header }}" in my theme.liquid file.

So this line of malicious code is actually not present in my liquid files, but loaded through that content for header shopify variable. Possibly injected by one of my installed apps.

If you look in the source code of my website: https://africanfabs.com/pages/about-us

and look for "some-app"

You will find this: "https:\/\/some-app.com\/some-controller\/js-method-response?shop=africanfabs.myshopify.com"

this leads to a spam website.

Is there anybody that can identify from which of my apps this script is loaded / injected from? I can not find out where it comes from, so I can remove it and re-enable my google ads.

Thank you for any help!

Betterave-Nina · ‎05-30-2025

It's impossible to tell from the code what injects it exactly.

An easy and robust way would be to just disable/uninstall apps and then check the storefront.

➡➡ Easy Embed Code ⬅⬅ insert CSS/JS/HTML/Liquid code into any store page

Speed Booster App - Improve your store speed in 3 clicks
Need professional help with your Shopify store? DM me, let's talk!
Geeky notes

tim · ‎05-30-2025

Well, there is another way -- identify all other Javascript files and compare with the list of your apps.

Then you can find which one is left.

It's probably not:

Printful, Judge.me, Upsell & Cross Sell — Selleasy, Awin, Searchanize, PushOwl?....

Look at what this leaves and you should be able to get an idea what app it is.

Also worth going over App listings in App store and looking at reviews -- often someone has already complained, but shopify is not fast enough to take action.

If my post is helpful, hit the thumb up button -- it will help others with similar problem to find a solution.
I can be reached via e-mail tairli@yahoo.com

afbs2023 · ‎06-01-2025

Hi Betterave-Nina and Tim,

Thank you both so much for your quick and friendly replies — I really appreciated your input and suggestions while I was in the middle of this frustrating situation.

I wanted to give you a quick update: with the help of an external developer, I was finally able to trace the injected script back to a specific app. I've since contacted the app developer directly to resolve it.

Out of respect, I won’t mention the app by name here — I believe it wasn’t intentional, and I don’t want to cause any unnecessary damage to their reputation. I'm confident that they’ll fix the issue not just for me, but for all affected Shopify users.

Thanks again for being so helpful — this community really does make a difference!

Best regards,
Jack

Betterave-Nina · ‎06-01-2025

Hi Jack.

This is very generous of you to not complain about this to support or not mentioning the app here. Makes sense if this wasn't intentional.

I'm glad that it's resolved.

Good luck with sales!
Nina

➡➡ Easy Embed Code ⬅⬅ insert CSS/JS/HTML/Liquid code into any store page

Speed Booster App - Improve your store speed in 3 clicks
Need professional help with your Shopify store? DM me, let's talk!
Geeky notes

Help identifying were malicious script is loaded from in my source - "some-app"