Cybercriminals have been leveraging Google Tag Manager (GTM) to inject malware into Magento-powered eCommerce websites, compromising customer payment data, according to cybersecurity experts.
Security researchers at Sucuri recently detected a live attack where a Magento-based online store suffered a credit card data breach. The investigation led to a malicious script embedded within Google Tag Manager, which, while appearing to be a standard tracking tool, was designed to steal sensitive payment information.
Google Tag Manager is a widely used tag management system that enables website owners to deploy tracking codes without modifying site code directly. However, attackers obfuscate the injected script, making detection difficult. The malware captures payment details at checkout and transmits them to a remote server. Researchers also discovered a backdoor, allowing persistent access to compromised sites.
At least six websites were found infected with the same GTM ID, and one domain used in the attack, eurowebmonitortool[dot]com, has now been blacklisted by major security firms. Cybersecurity experts emphasize that this attack method is not new. Sucuri researchers had previously identified similar threats, reaffirming that this technique is "still being widely used."
Given its popularity among eCommerce businesses, Magento remains a primary target for cybercriminals. Stolen payment data can be exploited for fraudulent purchases, malvertising campaigns, and other illicit activities.
Security Measures for Protection
To mitigate risks, website administrators should:
- Remove any suspicious GTM tags
- Conduct a full security scan
- Ensure Magento and all extensions are updated
- Regularly monitor site traffic and GTM configurations for anomalies
Proactive cybersecurity measures and ongoing vulnerability monitoring are crucial to safeguarding eCommerce platforms from such sophisticated attacks.