Threat actors have been observed using Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce sites.
Security company Sucuri noted that the code, which appears to be a typical GTM and Google Analytics script used for analytics and advertising purposes, contains a backdoor capable of giving attackers persistent access.
As of writing, as many as three sites have been found to be infected with the GTM identifier (GTM-MLHK2N68), compared with the six that Sucuri reported. A GTM ID refers to a container that includes various tracking codes (such as Google Analytics and Facebook Pixel) and the rules that fire when certain conditions are met.
Further analysis showed that the malware is loaded from the Magento database table "cms_block.content", with the GTM tag containing an encoded JavaScript payload that acts as a credit card skimmer.
“This script was designed to collect sensitive data entered by users during the order process, and send it to a remote server controlled by attackers,” said security researcher Puja Srivastava.
Once executed, the malware is designed to capture credit card information from the checkout page and send it to an external server.
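A defensive check for the infection path described above, as an added example that is not from Sucuri or the original article: it scans rows exported from Magento's cms_block table for GTM container IDs outside the site's own allowlist and for encoded inline scripts. The allowlist value, the sample rows and the function name are constructed assumptions.

```python
import re

# Container ID reported on this page as serving the skimmer.
REPORTED_BAD_IDS = {"GTM-MLHK2N68"}
# Assumption: the store's own GTM containers (constructed placeholder value).
SITE_ALLOWLIST = {"GTM-EXAMPLE1"}

GTM_ID = re.compile(r"\bGTM-[A-Z0-9]{4,12}\b")
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
# Heuristic for encoded inline JavaScript: decoder calls or long base64-like
# runs. Expect some false positives; treat hits as leads for manual review.
ENCODED = re.compile(r"\batob\s*\(|\beval\s*\(|[A-Za-z0-9+/]{120,}={0,2}")


def scan_cms_blocks(rows, allowlist=SITE_ALLOWLIST):
    """rows: iterable of (block_id, identifier, content) taken from cms_block.
    Returns a sorted list of (block_id, reason, detail) findings."""
    findings = []
    for block_id, identifier, content in rows:
        content = content or ""
        for gtm_id in sorted(set(GTM_ID.findall(content))):
            if gtm_id in REPORTED_BAD_IDS:
                findings.append((block_id, "reported-malicious-container", gtm_id))
            elif gtm_id not in allowlist:
                findings.append((block_id, "unrecognised-container", gtm_id))
        # Flag a block once if any inline script body looks encoded.
        if any(ENCODED.search(body) for body in SCRIPT.findall(content)):
            findings.append((block_id, "encoded-inline-script", identifier))
    return sorted(findings)


# Constructed sample rows standing in for an export of cms_block.
SAMPLE_ROWS = [
    (1, "footer_links", "<ul><li><a href='/contact'>Contact</a></li></ul>"),
    (2, "analytics", "<script>(function(w,d,s,l,i){w[l]=w[l]||[];})"
                     "(window,document,'script','dataLayer','GTM-EXAMPLE1');</script>"),
    (3, "promo_banner", "<script async src='https://www.googletagmanager.com/"
                        "gtm.js?id=GTM-MLHK2N68'></script>"),
    (4, "newsletter", "<script>var p=atob('" + "QUJD" * 40 + "');</script>"),
    (5, "partner_widget", "<noscript><iframe src='https://www.googletagmanager.com/"
                          "ns.html?id=GTM-SAMPLE02'></iframe></noscript>"),
]

if __name__ == "__main__":
    for finding in scan_cms_blocks(SAMPLE_ROWS):
        print(finding)
```

Findings are starting points for review: an unrecognised container may be a legitimate tag that was never added to the allowlist.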
This is not the first time GTM has been abused for malicious purposes. In April 2018, Sucuri disclosed that the tool was being used for abusive purposes.
The development comes a few weeks after the company detailed another WordPress campaign, which probably exploited vulnerabilities in plugins or used compromised administrator accounts to install malware that redirected site visitors to a malicious URL.