all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

Add to bookmarks
Dec. 7, 2023, 8:25 p.m. | Denis Sinegubko

Sucuri Blog blog.sucuri.net

Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, all they need is a Google account (and we all know how easy it is to get one).


Given the widespread use of GTM and the inherent trust websites put in scripts from Google, this tactic presents a significant …

abuse account code container credit card stealers domain domains ecommerce security found google google account google tag google tag manager hacked websites hackers html inject magecart magento security malware manager new domains obfuscation order script scripts tag veteran website malware infections website security

Visit resource

More from blog.sucuri.net / Sucuri Blog

What is a Zero-Day Vulnerability? 2 days, 21 hours ago | blog.sucuri.net
best practices can dev dev teams +19
What is Cookie Hijacking 4 days, 23 hours ago | blog.sucuri.net
access accounts application attackers +25
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS 1 week, 2 days ago | blog.sucuri.net
august black hat tactics campaign cloud +30
WordPress Maintenance: Tasks & Best Practices 1 week, 4 days ago | blog.sucuri.net
best practices can expertise guide +10
Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker 2 weeks, 3 days ago | blog.sucuri.net
admin amp area attackers +32
Web Shells: Types, Mitigation & Removal 2 weeks, 5 days ago | blog.sucuri.net
access attackers best practices compromised +33
Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS 3 weeks, 4 days ago | blog.sucuri.net
adoption black hat tactics can cms +19
WordPress Vulnerability & Patch Roundup March 2024 1 month ago | blog.sucuri.net
attacks automated awareness best practices +32
Sign1 Malware: Analysis, Campaign History & Indicators of Compromise 1 month, 1 week ago | blog.sucuri.net
analysis campaign clear client +20

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Lead Technical Product Manager - Threat Protection

@ Mastercard | Remote - United Kingdom
View on infosec-jobs.com

Data Privacy Officer

@ Banco Popular | San Juan, PR
View on infosec-jobs.com

GRC Security Program Manager

@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Warrington, United Kingdom
View on infosec-jobs.com

Privacy Engineer, Technical Audit

@ Meta | Menlo Park, CA
View on infosec-jobs.com
View more jobs