We recently noticed a problem where on mobile devices, touches to certain areas of the page were redirecting users to either the Apple App Store or the Google Play Store.

After some digging around, we found that the only element that was isolated to the home page (where the error occurred) was the webutations badge. We removed this and viola, problem solved. We put it back on a test page (with nothing else on it) and bam! The error was back.

There is no doubt that this is the cause and the irony that a site who's function is to demonstrate the safety and security of a website to users is actually injecting malware is not lost on us. We have dug around on Google and can find nothing relating to this and after reaching out to webutation.net on their Google+ and Facebook pages have heard nothing. We feel this is important enough to create this post and wondered if anyone else has experienced this. Also - any suggestions on where to report this so others are aware?

Here is the badge code if anyone would like to try this on a page themselves. It only works on mobile devices & we changed our URL to google.com:

<div> <script type="text/javascript">// <![CDATA[ (function() { window.domain = 'google.com'; function async_load(){ var s = document.createElement('script'); s.type = 'text/javascript'; s.async = true; var p = ('https:' == document.location.protocol ? 'https://' : 'http://'); s.src = p+'www.webutation.net/js/load_badge.js'; var x = document.getElementById('webutation-link'); x.parentNode.insertBefore(s, x); } if (window.attachEvent) window.attachEvent('onload', async_load); else window.addEventListener('load', async_load, false); })(); // ]]> </script> <a id="webutation-link" title="Webutation review of Google" href="http://www.webutation.net/go/review/google.com">Webutation</a></div>