Magecart Mayhem: Google Tag Manager Exploited by Credit Card Hackers
Attackers are using Google Tag Manager on Magento sites to conduct Magecart attacks, turning legitimate marketing tools into credit card skimmers. Sucuri discovered malicious scripts disguised as standard tracking codes, affecting multiple sites. Check your GTM tags and update security patches to dodge this digital pickpocketing.
Hot Take:
Who knew Google Tag Manager could be a Trojan horse in disguise? While GTM is busy helping e-commerce sites with their marketing, Magecart attackers are busy using it to swipe credit card details. It seems like this free Google tool is the gift that keeps on giving… to the wrong people! Maybe it’s time to tell GTM to stop playing double agent.
Key Points:
- Magecart attackers are using Google Tag Manager to plant malicious code on Magento e-commerce sites.
- The malicious code acts as a credit card skimmer, stealing payment data during the checkout process.
- Researchers from Sucuri have identified at least six sites affected by this new attack.
- Attackers use obfuscation techniques to disguise the malicious script, including Base64 encoding and mathematical operations.
- Administrators are advised to check their GTM for suspicious tags and perform full website scans.
Already a member? Log in here