**Sucuri**: [Google Tag Manager Skimmer Steals Credit Card Info From Magento Site](https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html )
Title is straightforward: Sucuri warns of credit card data theft from a customer's Magento-based eCommerce website. The credit card skimmer malware is delivered by leveraging Google Tag Manager (GTM). GTM is a free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site’s code directly. A single malicious domain is identified, but the real IOC is the GTM identifier GTM-MLHK2N68. The Hacker News identified at least [three sites infected with the skimmer](https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html ).
#magento #threatintel #ioc #infosec #cybersecurity #cyberthreatintelligence #CTI
Not Simon 🐐
npub14g…xznd6
2025-02-10 16:45:50 UTC
Author Public Key
npub14g0mj0fmn0sepfuhp2wupyk7d8xyz7rezpmrx2gfsav9vxlwxypq4xznd6Seen on
wss://relay.momostr.pinkPublished at
2025-02-10 16:45:50 UTCEvent JSON
{
"id": "e0798051f176d1a181e126cf6948485c0560943e4302fb0e5264aca478d7739a",
"pubkey": "aa1fb93d3b9be190a7970a9dc092de69cc41787910763329098758561bee3102",
"created_at": 1739205950,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@screaminggoat/113980601176882359",
"web"
],
[
"t",
"infosec"
],
[
"t",
"threatintel"
],
[
"t",
"cybersecurity"
],
[
"t",
"magento"
],
[
"t",
"ioc"
],
[
"t",
"cyberthreatintelligence"
],
[
"t",
"cti"
],
[
"proxy",
"https://infosec.exchange/users/screaminggoat/statuses/113980601176882359",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/screaminggoat/statuses/113980601176882359",
"pink.momostr"
],
[
"-"
]
],
"content": "**Sucuri**: [Google Tag Manager Skimmer Steals Credit Card Info From Magento Site](https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html )\nTitle is straightforward: Sucuri warns of credit card data theft from a customer's Magento-based eCommerce website. The credit card skimmer malware is delivered by leveraging Google Tag Manager (GTM). GTM is a free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site’s code directly. A single malicious domain is identified, but the real IOC is the GTM identifier GTM-MLHK2N68. The Hacker News identified at least [three sites infected with the skimmer](https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html ). \n\n#magento #threatintel #ioc #infosec #cybersecurity #cyberthreatintelligence #CTI",
"sig": "569d5ca99f6fea14493bcd3a6a4282e44bbd473adcb3175cede36d4afabb781e47ac6aed9ed8b62933ae85b9949725b7aafb8ddda832a8961c8d1b18644c37d0"
}