If you run an eCommerce store on Magento, this is a must-read. Hackers are actively exploiting a vulnerability to steal credit card details from customers at checkout. This attack uses Google Tag Manager (GTM) to inject malware into Magento websites without triggering security alerts.
How Hackers Are Stealing Credit Card Data
Security researchers at Sucuri discovered a new type of malware that hides inside Magento websites. Here’s how it works:
- Malicious Code Injection – The attackers inject a hidden script into the website database (cms_block.content).
- Google Tag Manager (GTM) Abuse – The script is loaded through GTM, making it look like a normal tracking code.
- Credit Card Skimming – When customers enter their payment details at checkout, the malware captures the information.
- Data Sent to Hackers – The stolen data is sent to an external hacker-controlled server.
- Backdoor PHP File – To maintain access, hackers plant a hidden PHP file (./media/index.php), allowing them to re-infect the site even if the malicious GTM tag is removed.

What You Need to Do Immediately
If you have a Magento website, take these steps to protect your store and customers:
- Check Google Tag Manager – Log into your GTM account and remove any suspicious tags.
- Scan Your Website – Use a security tool to check for malware and backdoor files.
- Remove Malicious Scripts – If you find anything suspicious in your Magento database or files, delete them.
- Update Magento & Extensions – Ensure your Magento version and all plugins/extensions are updated with the latest security patches.
- Monitor Your Website – Regularly check your site traffic and GTM activity for unusual behavior.
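A read-only check for the GTM and scanning steps above, as an added example (not code from Sucuri or the original article): it flags GTM container IDs in cms_block.content that are not on your approved list, references to the domain named in this article, and PHP files under media/. The function names, the approved ID GTM-OWNED01 and the sample rows are constructed for illustration; it assumes media/ should hold only uploaded assets.

```python
import re
from pathlib import Path

# GTM container IDs look like GTM-XXXXXXX (uppercase letters and digits).
GTM_ID = re.compile(r"GTM-[A-Z0-9]{4,12}")
# Domain named in the article, kept defanged in source and refanged for matching.
KNOWN_BAD_DOMAINS = [d.replace("[.]", ".") for d in ["eurowebmonitortool[.]com"]]

# Constructed sample rows, shaped like: SELECT block_id, content FROM cms_block
SAMPLE_ROWS = [
    (1, "<p>Free shipping on orders over $50</p>"),
    (2, "<script src='https://www.googletagmanager.com/gtm.js?id=GTM-OWNED01'></script>"),
    (3, "<script>loadTags(window, document, 'dataLayer', 'GTM-ROGUE99');</script>"),
]

def audit_cms_blocks(rows, approved_ids):
    """Return (block_id, reason) for every unapproved GTM ID or known-bad domain."""
    findings = []
    for block_id, content in rows:
        text = content or ""
        for gtm_id in sorted(set(GTM_ID.findall(text))):
            if gtm_id not in approved_ids:
                findings.append((block_id, f"unapproved GTM container {gtm_id}"))
        for domain in KNOWN_BAD_DOMAINS:
            if domain in text.lower():
                defanged = domain.replace(".", "[.]")
                findings.append((block_id, f"known-bad domain {defanged}"))
    return findings

def find_php_in_media(magento_root):
    """List PHP files under media/ (assumption: that tree holds only uploaded assets)."""
    media = Path(magento_root) / "media"
    if not media.is_dir():
        return []
    return sorted(p.relative_to(magento_root).as_posix() for p in media.rglob("*.php"))

if __name__ == "__main__":
    for block_id, reason in audit_cms_blocks(SAMPLE_ROWS, {"GTM-OWNED01"}):
        print(f"cms_block {block_id}: {reason}")
    for path in find_php_in_media("."):
        print(f"unexpected PHP file: {path}")
```

Feed it the real rows from your database and the container IDs your team actually created in GTM; anything it reports is a lead to review, not proof of infection.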
The Affected Websites & Security Measures
At least six websites were found infected with this malicious GTM ID. The hackers use eurowebmonitortool[.]com as part of their attack; the domain is already blocklisted by 15 security vendors on VirusTotal.
Stay Safe & Secure
If you run an online store, security should be a top priority. Hackers are always looking for vulnerabilities to exploit, and Magento sites are often targeted due to their popularity. Follow the security steps above to keep your website safe and protect your customers from credit card fraud.
Regular website monitoring and security updates are essential to prevent such attacks. Stay alert and take action before it’s too late!
Reference:
Google Tag Manager Skimmer Steals Credit Card Info From Magento Site