Hackers Exploit Google Tag Manager to Steal Credit Card Information

February 14, 2025 at 4:46:23 AM

TL;DR Hackers are exploiting a vulnerability in Magento eCommerce sites to inject malware via Google Tag Manager, which steals credit card information during checkout. The malware includes a hidden PHP backdoor to maintain access and capture user data. Sucuri researchers found the malicious script disguised as normal. They identified at least six infected sites and recommend removing suspicious GTM tags, scanning for malware, and ensuring software is updated.

Hackers Exploit Google Tag Manager to Steal Credit Card Information

Hackers are exploiting a vulnerability in Magento-based eCommerce websites to inject an obfuscated script via Google Tag Manager, enabling them to steal credit card information during checkout. This malware utilizes a hidden PHP backdoor to maintain its presence on the site and extract user data. Security researchers at Sucuri identified the malware, which is loaded from the database table cms_block.content, and noted that the Google Tag Manager script appears normal to evade detection.

Once activated, the malware captures credit card details from the Magento checkout page and transmits them to a hacker-controlled external server. Sucuri also found a backdoor PHP file located at ./media/index.php, which can operate within various content management systems like Magento, WordPress, Drupal, and Joomla.

At least six websites have been infected with this specific Google Tag Manager ID, and the domain eurowebmonitortool[.]com is associated with this malicious activity, currently blocklisted by 15 security vendors on VirusTotal.

To mitigate the threat, Sucuri recommends the following steps for cleaning infected websites:

  • Remove any suspicious GTM tags.
  • Conduct a full website scan to identify other malware or backdoors.
  • Eliminate any malicious scripts or backdoor files.
  • Ensure Magento and all extensions are updated with the latest security patches.
  • Regularly monitor site traffic and GTM for unusual activity.

Have more questions on this topic? Ask our AI assistant for in-depth insights.

The Only Digital Marketing Feed You'll Ever Need.

Stay informed your way. Tailored updates when and how you want them. 100% Free.

10,000+ Users

500+ Sources

1000+ Tools

Or

Related Posts

Google Migrates Server-Side Tag Manager from Container Registry to Artifact Registry

Google Migrates Server-Side Tag Manager from Container Registry to Artifact Registry

Simo Ahava
Simo Ahava

Top Creator

Top Analytics Creator

Simo Ahava is a Top Analytics Creator. Part of Swipe Insight Select, a curated list of top creators.

Top Analytics Creator
Google Tag Manager Introduces Automated Cloudflare Setup for First-Party Mode

Google Tag Manager Introduces Automated Cloudflare Setup for First-Party Mode

Google for Developers
Google for Developers

Official Source

Official Source

Google for Developers is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Tag UI Enhances Platform with Integrated Consent Management Features Trending ️‍πŸ”₯

Google Tag UI Enhances Platform with Integrated Consent Management Features

Ginny Marvin
Ginny Marvin

Official Source

Official Source

Ginny Marvin is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Automate Your Marketing Audits - Say Goodbye to Manual Checklists

Automate Your Marketing Audits - Say Goodbye to Manual Checklists

Featured
Google Tag Manager Updates Conversion Linker with Local Storage Support

Google Tag Manager Updates Conversion Linker with Local Storage Support

Google
Google

Official Source

Official Source

Google is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Tag Manager Launches Server-Side Tagging Support for Mobile Apps Trending ️‍πŸ”₯

Google Tag Manager Launches Server-Side Tagging Support for Mobile Apps

Brais Calvo
Brais Calvo

Top Creator

Top Analytics Creator

Brais Calvo is a Top Analytics Creator. Part of Swipe Insight Select, a curated list of top creators.

Top Analytics Creator
Google Adds 2 New Alerts to Tag Diagnostics Tool

Google Adds 2 New Alerts to Tag Diagnostics Tool

Google
Google

Official Source

Official Source

Google is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Tag Manager Introduces First-Party Mode Deployment via Cloudflare

Google Tag Manager Introduces First-Party Mode Deployment via Cloudflare

Google
Google

Official Source

Official Source

Google is a Official Source. The source has been verified by Swipe Insight team.

Official Source

Related Tools

Marketing Auditor logo

Marketing Auditor

Verified Tool

Verified Tool

Marketing Auditor is a Verified Tool. Want to get this badge? Contact us.

Verified Tool

Automated audits for Google Ads and Analytics.

Get Featured Here

Showcase your tool in this list.

Contact Us