Summary: Cybercriminals exploit Google Tag Manager (GTM) to inject malicious code into Magento-based e-commerce sites, primarily targeting payment card data. The attack is a novel variant of the Magecart strategy that uses legitimate marketing scripts as a front for card skimming. Investigators have already discovered at least six affected sites, highlighting the widespread and active nature of this threat.
Affected: E-commerce sites built on Magento
Key points:
- Attackers load an encoded JavaScript payload within GTM, effectively acting as a credit card skimmer.
- The malicious code can collect sensitive checkout data and send it to remote servers controlled by attackers.
- Website administrators are advised to remove suspicious tags in GTM and perform thorough scans to identify any further security breaches.
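
One way to triage GTM tags during the review recommended above, as an added example that is not part of the original report: a Node.js audit of an exported GTM container that lists Custom HTML tags whose script content looks encoded or dynamically evaluated. The heuristic set, the two-hit threshold, and the sample container are assumptions constructed for illustration.

```javascript
// Added example (not from the original report). Assumes the GTM container export
// layout: containerVersion.tag[], Custom HTML tags with type "html" and an "html" parameter.
const HEURISTICS = [ // hypothetical heuristic set; tune for your own containers
  { id: "dynamic-eval", re: /\b(?:eval|Function)\s*\(/ },
  { id: "base64-decode", re: /\batob\s*\(/ },
  { id: "charcode-build", re: /String\.fromCharCode/ },
  { id: "long-encoded-literal", re: /["'`][A-Za-z0-9+\/=]{120,}["'`]/ },
  { id: "payment-field", re: /card[_-]?number|cc[_-]?num|cvv|cvc/i },
  { id: "network-send", re: /\b(?:fetch|XMLHttpRequest|sendBeacon|WebSocket)\b/ },
];

function tagHtml(tag) {
  const p = (tag.parameter || []).find((x) => x.key === "html");
  return p && typeof p.value === "string" ? p.value : "";
}

// Returns one finding per Custom HTML tag with at least one hit;
// `review` is set when two or more independent heuristics fire.
function auditContainer(exported) {
  const tags = (exported && exported.containerVersion && exported.containerVersion.tag) || [];
  return tags
    .filter((t) => t.type === "html")
    .map((t) => {
      const html = tagHtml(t);
      const hits = HEURISTICS.filter((h) => h.re.test(html)).map((h) => h.id);
      return { name: t.name, tagId: t.tagId, hits, review: hits.length >= 2 };
    })
    .filter((f) => f.hits.length > 0);
}

// Constructed sample export; tag names and contents are made up and inert.
const SAMPLE_EXPORT = {
  containerVersion: {
    tag: [
      { tagId: "1", name: "pixel", type: "img", parameter: [{ key: "url", value: "https://example.com/p.gif" }] },
      { tagId: "2", name: "datalayer-init", type: "html",
        parameter: [{ key: "html", value: "<script>window.dataLayer=window.dataLayer||[];</script>" }] },
      { tagId: "3", name: "constructed-suspicious", type: "html",
        parameter: [{ key: "html", value: "<script>var s=atob('Y29uc3RydWN0ZWQ=');eval(s);</script>" }] },
      { tagId: "4", name: "chat-widget", type: "html",
        parameter: [{ key: "html", value: "<script>fetch('/api/ping');</script>" }] },
    ],
  },
};

for (const f of auditContainer(SAMPLE_EXPORT)) {
  console.log(`${f.review ? "REVIEW" : "info  "} tag ${f.tagId} (${f.name}): ${f.hits.join(", ")}`);
}
```

A single hit such as a lone `fetch` call is reported but not marked for review, since legitimate marketing tags make network requests too; a flagged tag is a prompt for manual inspection, not a verdict.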