Google system abused by hackers to hijack ecommerce stores

A person holding a credit card in one hand while typing on a laptop keyboard with the other.
(Image credit: Shutterstock / Kostenko Maxim)

  • Sucuri finds credit card skimmer in Magento-powered ecommerce site
  • The skimmer was hiding within Google Tag Manager
  • At least six websites were compromised, experts warned

Cybercriminals were exploiting the Google Tag Manager (GTM) to hide malware in Magento-powered ecommerce sites and steal payment information from customers, experts have claimed.

Researchers at Sucuri claim to have recently observed one such attack in the wild, explaining that a customer reached out for help after experiencing credit card data theft from their Magento-based ecommerce website.

The analysts traced the attack back to a malicious script embedded within Google Tag Manager, which appeared to be a legitimate tracking tool but was actually designed to skim sensitive data. Google Tag Manager is a free tool from Google that allows website owners and marketers to easily manage and deploy tracking codes (tags) on their website without directly modifying the site's code.

Abused in the wild

The attackers obfuscated the script, making it difficult to detect, and used it to capture payment details from the checkout page before sending them to a remote server.

Sucuri also found a backdoor that granted the attackers persistent access. At least six websites were found to be infected with the same GTM ID, and one of the domains used in the attack, eurowebmonitortool [dot] com, has now been blacklisted by most security companies.

Using the Google Tag Manager to deliver malware isn’t a novelty. The researchers said they covered the technique last year, adding that the new infection indicates the tactic “still being widely used” in the wild. Magento, due to its popularity among ecommerce site owners, is a huge target for cybercriminals. Payment information is also quite valuable for cybercriminals, since they can use it to purchase malicious goods, pay for malvertising campaigns, and more.

To remediate the attack, website admins should remove any suspicious GTM tags, perform a full website scan, make sure both Magento and other extensions are updated, and regularly monitor site traffic and GTM for any unusual activity, Sucuri suggests.

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
WordPress users targeted by devious new credit card skimmer malware
Casio logo
Casio’s online store hit by bogus credit card stealing checkout form
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Over 10,000 WordPress sites found showing fake Google browser update pages to spread malware
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
European Space Agency hack sees official store hijacked to steal customer details
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Thousands of WordPress websites hit in new malware attack, here's what we know
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Apple Siri
Update your Apple device now: iOS 18.3.2 fixes a flaw that could be exploited by hackers
Google Chromecast 2
Chromecasts are still broken – but Google tells fuming owners not to factory reset their devices
ChatGPT
ChatGPT wants to write your next novel, and readers and writers alike should be very worried
Garmin Instinct 3 next to the Apple Watch Ultra 2
New figures claim the smartwatch market just shrunk for the first time ever, and the Apple Watch Ultra 3 is to blame
Hitman: World of Assassination on PSVR 2.
Hitman: World of Assassination hits PSVR 2 soon, finally giving you a reason to dust off your headset