Magento-based online stores have been targeted with credit card skimmer malware delivered by exploiting Google Tag Manager (GTM), reports The Hacker News.
The intrusions distributed an obfuscated backdoor disguised as a GTM and Google Analytics script for web analytics and advertising. When executed from a Magento database table, the script facilitates the exfiltration of credit card details, according to a report from Sucuri. "This script was designed to collect sensitive data entered by users during the checkout process and send it to a remote server controlled by the attackers," said Sucuri researcher Puja Srivastava.
The development comes just weeks after Sucuri reported that WordPress plugin flaws and breached admin accounts had been leveraged in an attack campaign that sought to redirect victims to malicious sites. Sucuri also discovered GTM being used in a malvertising campaign nearly seven years ago.
Meanwhile, alleged payment card skimming operation members Andrei Fagaras and Tamas Kolozsvari have been indicted by the U.S. Justice Department.