news.grets.store, static.seders.website, rida.tokyo - Just a Few Malicious Websites Hitting Google Analytics GA4

February 28, 2024



ga4-virus-threat.webpRecently there has been an influx of harmful websites showing in Google Analytics GA4.

It appears in the acquisition data, which shows you where website visitors have clicks through to your site from. The malicious website will show up as one of your referral sources, meaning someone (or in this case, a bot) has clicked through to your website from that particular source. If this has happened, you may notice an increase in referral traffic and find them by investigating your Acquisition report more thoroughly.

 

How to spot the malicious websites:

The malicious websites will have URLs such as 'static.sedars.website' or similar. They will show multiple users but 0 engaged sessions and an average engagement time of 0 seconds. There may be just one, or multiple URLs. They will look something like the examples below, though this list isn't exhaustive and other varieties are very likely. To check whether you have been targeted, view your referral sources following the steps below.

 


So far we have listed the following domains that are highly likely to be all part of the same issue:

  • news.grets.store
  • static.seders.website
  • info.seders.website
  • rida.tokyo
  • kar.razas.site
  • game.fertuk.site
  • ofer.bartikus.site
  • trast.mantero.online
  • garold.dertus.site
  • games.patlik.site

(List current as of 1st March 2024 - we will continue to update)

 

To view your referral sources in GA4:

  1. Visit your Traffic Acquisiton report in GA4 reports
  2. Scroll down to the table and click the blue + in the first column
  3. Go to 'Traffic Source' and then click 'Session Source'
  4. A new column will appear; looking at any rows marked as 'Referral' you should be able to spot any of the harmful websites if there are any there.

 

How can they cause harm?

The malicious sites are infected with viruses. It appears they are being used to target website owners who are curious about the traffic and click through to investigate the source, thus opening the malicious website and causing the viruses to attack your computer. 

The traffic itself isn't harmful to your website and is only being used as a lure to encourage website owners to visit the infected site, so there's no need to worry if your site security is working. It would be a good idea to check your security anyway though, as it's always important to ensure your website is protected just in case.

The malicious website URLs appear to be varied, meaning it is difficult to block them using GA4's filtering features though you can block any that you do find when you find them. This won't stop the bot visits but will filter them from appearing in your reports.


What to do if you see these websites in your Analytics:

  1.  Do not panic, this does not mean your website is under threat or has been hacked.
  2.  Update the antivirus software on your devices, which will help you in the event of an accidental click to the malicious websites.
  3. Double check the security of your website. This isn't the intended method of virus delivery but is a good idea anyway.
  4. Ensure anyone who has access to your Analytics is aware and knows not to investigate these links, not to click anything unknown.
  5. Exclude the data from your Analytics reports using filtering. This doesn't stop the visits but will ensure the data is not used in your reports.
  6. Keep checking and be vigilant to anything suspicious in your Analytics or on your website. A wider review of your security may be beneficial if this has caused concern.

 

If you have already clicked, or accidentally visit one of them:

  1. Do not panic.
  2. Update your antivirus software immediately.
  3. Conduct a very thorough scan of your devide and follow the direction of your software.
  4. Speak to your IT support company or designated IT team and let them know what has happened.

 

If you are concerned about this, or anything related to security:

We have a team of experts that are certified to support you with Cyber Security. We have experience working with all sizes of business and can offer you peace of mind that your business is safe from threats such as this.

You can send us an enquiry or give one of our team a call to chat about Cyber Security or any of your IT support requirements.

Get in touch

about viewdata

Viewdata is a specialist IT support provider with over 30 years experience. We're based in Reading and offer flexible IT solutions to local and national businesses of all sizes. 

Our solutions and services include:

IT Support | Mac IT Support | IT Support for Small Business | IT Outsourcing | Managed IT Solutions | Cross-platform IT Support | Mac Integration | Apple Reseller | Apple Hardware | Apple Certified Engineers | Zero-touch Deployment | Mobile Device Management | iPad Support | Business Continuity Solutions | Data Back-up Services | Jamf Gold Reseller | Centrify Select Partner | Adobe Licensing | Cloud Solutions | Apple Hardware Leasing | IT Accessories | IT Relocation Services | VoIP

HOW CAN WE HELP YOU...

Have any questions? Want to know more about any of our managed IT services or to discuss outsourcing IT... our expert IT consulting team are at hand.

Whether you're a small, medium or large enterprise, with our IT expertise we can tailor our IT services, cloud services and security servicee to accommodate your business needs whilst enabling innovation, reliability and providing peace of mind.

GET IN TOUCH

Required
Required
Required