- Sucuri finds a credit card skimmer on a Magento-powered e-commerce site
- The skimmer was hidden in Google Tag Manager
- At least six websites have been compromised, experts warn
Cybercriminals abused Google Tag Manager (GTM) to hide malware on Magento e-commerce sites and steal customers' payment information, experts said.
Sucuri researchers say they recently observed such an attack in the wild, explaining that a customer reached out for help after learning that credit card data was being stolen from their Magento-based e-commerce website.
Analysts traced the attack to a malicious script embedded in Google Tag Manager, which looked like a legitimate tracking tool but was designed to skim sensitive data. Google Tag Manager is a free Google tool that lets website owners and marketers easily manage and deploy tracking codes (tags) on their website without directly modifying the site's code.
Abused in the wild
The attackers obfuscated the script, making it difficult to detect, and used it to capture payment details from the payment page before sending them to a remote server.
Sucuri also found a backdoor that granted the attackers persistent access. At least six websites were found to be infected with the same GTM ID, and one of the domains used in the attack, Eurowbmonitortool [dot] com, has now been blocklisted by most security companies.
Using Google Tag Manager to deliver malware is not new. The researchers said they had covered the technique last year, adding that the new infection indicates the tactic is “still widely used” in the wild. Magento, due to its popularity among owners of e-commerce sites, is a huge target for cybercriminals. Payment information is also very valuable to cybercriminals, as they can use it to buy malicious products, pay for malvertising campaigns, and so on.
To remediate the attack, Sucuri suggests that website administrators delete all suspicious GTM tags, run a full website scan, make sure Magento and any extensions are up to date, and regularly monitor site traffic and the site's GTM for any unusual activity.
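One way to start the GTM part of that cleanup, as an added example that is not Sucuri's tooling or part of the original article: list every GTM container ID a rendered page references and flag any that the site owner has not approved. The container IDs, the approved list and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# GTM container IDs look like "GTM-" followed by uppercase letters and digits.
GTM_ID = re.compile(r"\bGTM-[A-Z0-9]{4,12}\b")

class GtmCollector(HTMLParser):
    """Collect GTM container IDs from script/iframe URLs and inline script bodies."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = {}            # container ID -> set of places it was seen
        self._in_script = False

    def _record(self, text, where):
        for cid in GTM_ID.findall(text or ""):
            self.found.setdefault(cid, set()).add(where)

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "script":
            self._in_script = True
        if tag in ("script", "iframe") and "googletagmanager.com" in src:
            self._record(src, f"{tag} src")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:        # the standard GTM snippet passes the ID inline
            self._record(data, "inline script")

def audit_gtm(html, approved_ids):
    """Return {container_id: [places]} for IDs not on the site's approved list."""
    collector = GtmCollector()
    collector.feed(html)
    collector.close()
    return {cid: sorted(places) for cid, places in collector.found.items()
            if cid not in approved_ids}

# Constructed sample page: one approved container and one unknown container.
SAMPLE_HTML = """
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-OWNED01"></script>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];})(window,document,'script','dataLayer','GTM-UNKN0WN');</script>
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-UNKN0WN"></iframe></noscript>
"""

if __name__ == "__main__":
    print(audit_gtm(SAMPLE_HTML, approved_ids={"GTM-OWNED01"}))
```

This only catches containers the site does not own. Tags added inside an approved container still have to be reviewed in the GTM console itself.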