"Google Tool for e-commerce Sites Being Abused by Hackers Stealing Card Data, Personal Info"
According to a new Recorded Future report, hackers are abusing Google Tag Manager (GTM) containers to install malicious e-skimmers capable of stealing payment card data and Personally Identifiable Information (PII) from shoppers on e-commerce sites. Thousands of e-commerce sites use GTM containers for data on website usage metrics, tracking customers, and marketing. However, experts at Recorded Future have discovered three variants of malicious scripts that cybercriminals are hiding within GTM containers, which enable them to exfiltrate shoppers' personal information. According to the researchers, as of this reporting, more than 165,000 payment card records attributed to victims of GTM container abuse attacks had been posted to dark web carding shops. The total number of payment cards compromised by GTM-based e-skimmers is most likely higher. The researchers discovered 569 e-commerce domains infected with e-skimmers, 314 of which were confirmed to have been infected with a GTM-based e-skimmer variant. Of the 569 infected e-commerce domains, 255 were discovered to have infections that siphoned stolen data to malicious domains associated with GTM container abuse attacks. As of August 25, nearly 90 of these e-commerce domains were still infected, and researchers discovered that it took more than three months for the infections to be resolved on average. According to Stas Alforov, director of fraud research at Recorded Future, the abuse of GTM dates back to 2018 and was used by various cybercriminals. Hackers can avoid security software by abusing legitimate tools such as GTM because website administrators typically whitelist trusted source domains, particularly those from Google. Since March 2021, Recorded Future has been tracking the use of the three GTM-based e-skimmer variants and has observed newly infected e-commerce domains every month. This article continues to discuss the abuse of GTM containers by hackers to steal e-commerce site shoppers' card data and personal information.