Hackers are using Google Tag Manager to insert credit card skimmer malware in Magento e-commerce sites. A security report by Sucuri identified obfuscated scripts masquerading as typical GTM code that provides attackers with backdoor access. The malware, stored in the Magento database, harvests user data during checkout and sends it to the attackers’ servers. This abuse of GTM for malicious purposes isn't new, with similar incidents reported since 2018. Recently, two Romanian nationals were charged for their involvement in a payment card skimming operation.
https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html