In rare occasions, it has happened that a particular Antivirus program maker, or a Malware detection tool, or even Google Ads, mistakenly claim that Matomo JavaScript tracking code is a malware.

When this happens, you may experience the following symptoms:

  • Visitor browsing the website(s) using Matomo may see messages from their antivirus or malware check tools for example `Malware was detected in the following file and it has been removed.`
  • Google Ads campaigns may be blocked and stop running and Google asking to remove the Matomo JavaScript tracking code.

As the Matomo creators, we guarantee that the original JavaScript tracker file does not have any malware.

When you’re experiencing this issue, we recommend you follow these steps:

  1. The first step you need to do is to ensure that your web server wasn't hacked and the Matomo file been tampered with. The source code can be found here in its original form here: github.com/matomo-org/matomo/blob/4.x-dev/js/piwik.js. What you want to do is to manually verify that your piwik.js flagged as malware is really the same as our standard packaged (minified) piwik.js, and that it wasn’t tampered with by an attacker. Compare your file to the original (latest version) here: github.com/matomo-org/matomo/blob/4.x-dev/js/piwik.min.js. Note that it is expected there will be some differences in the two files if you’re not using the exact same Matomo version, or if you’re using some free plugins or premium features that enrich the tracker file. If you have any concern or find any difference in the files, contact us the Matomo team for help.

  2. When you have confirmed that your matomo.js or piwik.js file look normal and the same as the original file, then we recommend you immediately reach out to the Antivirus maker/malware program maker and let them there is an issue/bug in their malware detection. You can for example use the following message to reach out to them:

Here is some background information from the Matomo makers:

We are the creators of Matomo, the leading open source web analytics software used on 1 million websites, with privacy built-in. Learn more about us at matomo.org.

One of our users has contacted us because your product claims that the "piwik.js" (or "matomo.js" file) is malware.

But this js file is the official JavaScript tracking client for Matomo Analytics. This file has been deployed on the internet on 1 million websites without any problem, and it does not contain any malware. It is used to record the web analytics information from the website into the website's owner's Matomo database.

You can find more information about this script in the developer documentation. FYI: this piwik.js / matomo.js file is similar to the Google Analytics tracking file which is also deployed on millions of websites worldwide. The original source code of our file can be found here (not minified).

You can manually verify whether the piwik.js flagged as malware is different from our standard packaged (minified) piwik.js by comparing the file to the latest official minified version here.

→ Could you please immediately revert the malware claim on the piwik.js and matomo.js and if you have otherwise any question or feedback about the file, please let us know? The Matomo.org team can be reached at: matomo.org/contact

Thank you for your understanding,

The Matomo.org Team
Open Source Web Analytics software

Please let us know whenever this happens so we can help where necessary. And if don’t hear back from the antivirus/malware makers, also let us know as well.

Thanks for your help!