Magento Mayhem: Credit Card Skimmer Strikes Again via Google Tag Manager!

Threat actors are sneaking credit card skimmer malware onto Magento sites using Google Tag Manager. This sneaky tactic disguises the malware as normal analytics scripts, secretly pilfering credit card info from checkout pages. If GTM is the Trojan Horse, our wallets are the unsuspecting Trojans. Stay vigilant, shoppers!

3P
Published: February 10, 2025 4:28 pmAdded: February 10, 2025 at 8:50 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Google’s got a new tagline: “Don’t be evil, but if you must, at least obfuscate your evil deeds in our Tag Manager!” You know things are serious when even Google Tag Manager gets a promotion to the villainous role of card-skimming accomplice. The real crime here? Making Sucuri do double duty as a digital detective while we all pretend to be shocked.

Key Points:

  • Threat actors are using Google Tag Manager to deploy credit card skimmer malware on Magento sites.
  • The malware masquerades as a typical GTM and Google Analytics script.
  • Three websites are currently confirmed to be infected, down from six.
  • The malware is stored in the Magento “cms_block.content” database table.
  • This isn’t GTM’s first rodeo with cybercrime, having been previously used for malvertising in 2018.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?