4 Signs that Your Web Traffic has been Hijacked by Malware

Virus Detected

By April Reyes

Network hacks are already incredibly common and increasing in severity and frequency each year. Statistics from a joint 2017 study from Accenture and Ponemon Institute found an average company experiences 130 security breaches annually, representing a yearly increase of more than 24 percent.

Plus, a separate conclusion made by the National Cyber Security Alliance discovered 60 percent of small-to-medium-sized businesses shut down within six months of a hack.

Cybercriminals have a variety of goals when orchestrating attacks. They might want valuable information to sell on the black market, or they might hope to harm a company’s reputation so severely that the resultant damage takes months to repair and is prohibitively costly.

New Threat

However, a new malware threat is increasingly hitting online businesses and many have no idea it’s happening. It’s called Client-Side Injected Malware. Server-side protection won’t save you because it’s not hitting your server in the first place. It’s living in the browsers and computers of your online shoppers were you, the company, have no jurisdiction.

Online security company Namogoo estimates that out of the 89 million people in the US who used banking services via mobile phones last year, between 5 and 13 million of these were infected with CSIM malware. This represents an infection rate between 5% and 15%.

CSIM (which includes spyware, fake injected ads, and bloatware) is malware that consumers unknowingly download, usually in bundled apps or browser extensions. They might download a video player app and, without realizing it, also download malware that will quietly live on their computer and begin to alter how they view websites online. CSIM is getting increasingly sophisticated and can live for years on someone’s computer without being detected.

What does the malware look like? When you go to an online shopping website, you will see an injected ad fit neatly within the authentic website. Aside from that, it’s giving smart recommendations that look and feel very native to the website. Your consumer clicks on it make their purchase on a competitor’s website, and you’re none the wiser.

Anywhere from15 percent to 30 percent of a typical website’s traffic is being hijacked by CSIM just like this, every day. Until recently, because the problem lives locally on a consumer’s device, brands have had no control over the problem.

Consumers themselves fall victim to CSIM mainly through three paths, according to Namogoo’s research into CSIM:

  • Free utility apps and browser extensions that secretly bundle in malicious software, such as free flashlights, keyboards, and free screensavers
  • Unprotected routers – consumers regularly change Wi-Fi passwords but very often forget to even set the router login
  • Legitimate consumer security software and popular anti-virus products that surreptitiously download ad injectors and CSIM onto consumer devices

Namogoo also found that CSIM increased from 5% to 20% infection rate among iOS users – a finding that it attributes to the mistaken belief that Macs and iPhones are more secure than other devices. When CSIM is installed on a user device, it runs malicious scripts that steal the user’s credentials and send sensitive data to the script owner.

Common Signs That Indicate Your Traffic Is Being Hacked

Here are five common symptoms that mean your website traffic has been hacked by malware:

1. Third-party services on your site don’t show any results.

If you’ve installed a third-party service like the popular subscription toolbar or a special discount code popup, but aren’t seeing significant results, there’s a good chance malware is causing the problem. Your visitors aren’t even seeing the bar or popups because they’re being obstructed by an overlaid, injected ad.

2. Traffic and conversion numbers don’t add up.

Your marketing funnel is healthy and you’re spending good money to bring traffic to your site, but for some reason, the conversions just aren’t following. In bigger companies, the issue may be even further clouded by the fact that the CMO who buys the media isn’t properly communicating with the head of e-commerce who is monitoring conversions.

You can tweak the funnel, but checking for CSIM should be your first stop. Otherwise, you’ll be throwing money into the fire and playing with metrics that may have nothing to do with the real problem.

3. Customer complaints about competitor ads and suspicious surveys.

This may seem obvious but don’t ignore these phone calls and messages. For every one customer who takes the time to report the issue, there are a hundred more who simply gave up and took their business elsewhere.

In just the past six months we’ve seen a 40 percent increase in new malware that injects a fake survey into the website experience. It’s alarmingly effective at getting users off your site. It doesn’t take much to lose a customer’s interest online. Even if your site merely looks “off,” they’ll simply assume it’s a security issue on your end. Now you’ve lost a customer and brand integrity.

4. Bounce rate rises while conversion rates drop.

High bounce rates can point to a few things, but when coupled with low conversion rates on your checkout page, then Client-Side Malware is very likely the culprit. CSIM can break secure https checkout pages by injecting non-https elements into the page (which is exactly what happened with the Lenovo Superfish scandal recently.) Even a security certificate can’t fully protect you.

If your site metrics go against common sense, Client-Side Injected Malware may be the root cause. The threat is growing, but smart brands and publishers can stop it before it becomes a costly problem.

How to Protect Your Website Traffic From Being Hacked

Namogoo created a technology aimed at combatting CSIM attacks. It is designed to suppress all active CSIM on the consumer’s computer or browser when that consumer visits a Namogoo-protected site. The company does this by sending malware injection blocking rule sets to these websites.

Aside from using this technology, here are some other tips you can implement to protect your website against malware attacks:

Scan Your Site Regularly

The first tip we have for you is to scan your site regularly for potential malware. Using a service like the Security Check in your ManageWP dashboard, you can scan your entire site for potential vulnerabilities, malware, changed files, and check if your site has been blacklisted. What’s more, you will also be able to see where potential vulnerabilities are because this feature will flag site errors and outdated software so you can act on time and fix them before hackers take advantage of it.

Take Regular Backups

Taking regular backups of your website is another way to protect it against malware because a backup ensures that you can quickly restore your site to the way it was before malware infection. It should be noted that your backups should be stored offsite to ensure you always have access to them in the event your hosting provider gets compromised due to a security attack or power outage.

Perform Updates

Another way to keep your site safe is to perform regular updates not only for your website plugins but also your theme and core as well. According to statistics, 39.3% of infected WordPress sites used an outdated WordPress version.


Switching your site to HTTPS was once only required if you had an e-commerce site. Nowadays, HTTPS which stands for HyperText Transfer Protocol Secure is recommended for all websites unless you want search engines to display a security warning when someone tries to visit it.

HTTPS is the secure version of HTTP and it makes all communications between a visitor’s browser and your website encrypted. HTTPS is activated once you install an SSL certificate on your site and is identified by a green padlock or a green bar in your browser’s address bar.

Use and Enforce Secure Passwords

Using strong and secure passwords across all your online accounts and profiles is a must if you want to make a hacker’s life harder. However, many of us are guilty of reusing the same password or using a password that’s all too easy to guess.

Install a Web Application Firewall

Lastly, consider installing a web application firewall or investing in a hosting plan that has a web application firewall installed. The firewall will act as your first line of defense and monitor your site for known threats.


Getting your web traffic hacked is like getting all your hard work and money stolen. Everything that you’ve invested on your website only benefits the author of the malware. Although there is no direct threat to your website as the malware simply smooches off from your web traffic, this can lead to profit loss and even business failure in the long run. So the first time you notice any of these signs, make sure to implement your security measures immediately.

About the Author

As a Journalist by profession, April Reyes has extensive experience in writing about various topics under the sun, including technology, gadgets, travel, social media, and digital marketing. If she’s not writing articles for Software Tested, she’s either watching her favorite TV series or playing video games.


Please enter your comment!
Please enter your name here