Hackers are actively exploiting a vulnerability to inject an obfuscated script into Magento-based eCommerce websites. The malware is loaded via Google Tag Manager, allowing them to steal credit card numbers when customers check out. A hidden PHP backdoor is used to keep the code on the site and steal user data.
The credit card skimmer was discovered by security researchers at Sucuri who advise that the malware was loaded from a database table, cms_block.content. The Google Tag Manager (GTM) script on a website looks normal because the malicious script is coded to evade detection.
Once the malware was active it would record credit card information from a Magento ecommerce checkout page and send it to an external server controlled by a hacker.
Sucuri security researchers also discovered a backdoor PHP file. PHP files are the ‘building blocks’ of many dynamic websites built on platforms like Magento, WordPress, Drupal, and Joomla. Thus, a malware PHP file, once injected, can operate within the content management system.
This is the PHP file that researchers identified:
./media/index.php.
According to the advisory published on the Sucuri website:
“At the time of writing this article, we found that at least 6 websites were currently infected with this particular Google Tag Manager ID, indicating that this threat is actively affecting multiple sites.
eurowebmonitortool[.]com is used in this malicious campaign and is currently blocklisted by 15 security vendors at VirusTotal.”
VirusTotal.com is a crowdsourced security service that provides free file scanning and acts as an aggregator of information.
Sucuri advises the following steps for cleaning an infected website:
- “Remove any suspicious GTM tags. Log into GTM, identify, and delete any suspicious tags.
- Perform a full website scan to detect any other malware or backdoors.
- Remove any malicious scripts or backdoor files.
- Ensure Magento and all extensions are up-to-date with security patches.
- Regularly monitor site traffic and GTM for any unusual activity.”
Read the Sucuri advisory:
Google Tag Manager Skimmer Steals Credit Card Info From Magento Site
Featured Image by Shutterstock/sdx15
We all want to be satisfied, even though we know some people who will never be that way, and others who see satisfaction as a foreign emotion that they can’t hope to ever feel.
Newspaper Ads Canyon Crest CA
Click To See Full Page Ads
Click To See Half Page Ads
Click To See Quarter Page Ads
Click To See Business Card Size Ads
If you have questions before you order, give me a call @ 951-235-3518 or email @ canyoncrestnewspaper@gmail.com
Like us on Facebook Here
A Guide To Enterprise-Level Migrations (100,000+ URLs)
An enterprise website migration is no small feat. We’re talking hundreds of thousands of...
Maximize Conversion Value: Google Ads bidding explained
Are all Google Ads conversions created equal? Let’s say a $500 sale and a $50 sale both...
0 Comments