My Magento 2 store has been hijacked by a malicious redirect. Whether the visitor is on Android, iPhone, or a desktop browser, the moment the correct URL is entered the shop briefly appears and then jumps to a series of spam pages before landing on Google. The behaviour is consistent across devices, so it is almost certainly a piece of injected malware rather than a user-side issue. I still have full admin-panel access and nothing new has been installed recently, so the compromise must have slipped in through another vector—possibly outdated core files, an unpatched module, or a server-side backdoor. I’m not even sure if the installation is on the latest Magento 2 release, so part of the work will be confirming and, if necessary, upgrading. Here’s what I need from you: • Locate every trace of the redirect: JavaScript injections, altered templates, rogue .htaccess rules, or database-stored scripts. • Remove the malicious code safely without breaking store functionality. • Patch the vulnerability and harden the server/Magento configuration (file permissions, admin path, two-factor, etc.). • Verify on multiple devices that the redirect is gone. • Provide a brief report listing the files you touched, the root cause you discovered, and recommendations (including version updates) to prevent a repeat. You’ll have SSH and admin credentials, plus access to hosting control-panel tools for log inspection. Once the site is clean and stable I’ll release the milestone; if the redirect reappears within a week, we’ll reopen the task at your cost. If you’ve wrestled with Magento 2 malware clean-ups before and are comfortable using the Magento CLI, diff tools, and server-side scanners, I’m ready to get started right away.