- Sucuri finds credit card skimmer on a Magento-driven e-commerce site
- The skimmer hid within Google Tag Manager
- At least six sites were compromised, experts warned
Cybercriminals utilized Google Tag Manager (GTM) to hide malware in Magento-driven e-commerce sites and steal payment information from customers, experts have claimed.
Researchers at Sucuri claim to have recently observed such an attack in the wild and explained that a customer reached out for help after experiencing credit card data theft from their Magento-based e-commerce website.
The analysts traced the theft back to a malicious script embedded in Google Tag Manager, which appeared to be a legitimate tracking tool but was actually designed to skim sensitive data. Google Tag Manager is a free tool from Google that allows site owners and marketers to easily manage and implement tracking codes (tags) on their site without directly changing the site code.
Abused in the wild
The attackers obfuscated the script, making it difficult to detect, and used it to capture payment information from the checkout before sending it to a remote server.
Sucuri also found a backdoor that gave the attackers persistent access. At least six sites turned out to be infected with the same GTM ID, and one of the domains used in the attack, Eurowebmonitortool [dot] com, has now been blacklisted by most security companies.
Using Google Tag Manager to deliver malware is not new. The researchers said they covered the technique last year and added that the new infection indicates that the tactic is “still widely used” in the wild. Due to its popularity among e-commerce site owners, Magento is a huge target for cybercriminals. Payment information is also quite valuable to cybercriminals, as they can use it to buy malicious goods, pay for malvertising campaigns and more.
To remediate the attack, website administrators should remove any suspicious GTM tags, perform a complete site scan, make sure that both Magento and other extensions are updated, and regularly monitor the site and GTM for any unusual activity, Sucuri suggests.
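One way to start the "remove any suspicious GTM tags" step is to list every GTM container ID a storefront actually serves and compare it with the containers the site owner manages. The following is an added example, not code from Sucuri or the original article; the ID pattern, the allowlist, the page names and the sample HTML are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: container IDs are "GTM-" followed by uppercase letters and digits.
ID = r"GTM-[A-Z0-9]{4,12}"
ANY_ID = re.compile(r"\b" + ID + r"\b")
# Where a container reference normally shows up in rendered HTML.
CONTEXTS = {
    "gtm.js loader": re.compile(r"googletagmanager\.com/gtm\.js\?id=(" + ID + ")"),
    "noscript iframe": re.compile(r"googletagmanager\.com/ns\.html\?id=(" + ID + ")"),
}

def audit_gtm(pages, allowed):
    """Map each container ID not in `allowed` to the (page, context) pairs using it."""
    findings = defaultdict(list)
    for name, html in pages.items():
        # Any bare ID counts, e.g. the argument of the inline bootstrap snippet.
        seen = {m.group(0): "inline snippet or other reference"
                for m in ANY_ID.finditer(html)}
        # Prefer a more specific label when the ID sits in a known URL form.
        for label, rx in CONTEXTS.items():
            for m in rx.finditer(html):
                seen[m.group(1)] = label
        for cid in sorted(seen):
            if cid not in allowed:
                findings[cid].append((name, seen[cid]))
    return dict(findings)

# Constructed sample input: saved HTML from two storefronts (hypothetical names and IDs).
ALLOWED = {"GTM-OWNED01"}
SAMPLE_PAGES = {
    "shop-a/checkout": """
      <script>(function(w,d,s,l,i){/* standard GTM bootstrap */})
        (window,document,'script','dataLayer','GTM-OWNED01');</script>
      <script async src="https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE9"></script>
    """,
    "shop-b/checkout": """
      <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-EXAMPLE9"></iframe></noscript>
    """,
    "shop-a/product": "<script>gtm('GTM-OWNED01')</script>",
}

if __name__ == "__main__":
    for cid, hits in audit_gtm(SAMPLE_PAGES, ALLOWED).items():
        print(cid, "is not on the allowlist:", hits)
```

An ID that is not on the allowlist is a lead to review in the GTM console rather than proof of compromise; the same unknown ID appearing on several sites is the pattern the article describes.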



