Exploitation of Google e-commerce tool detailed

Widely-used e-commerce site tool Google Tag Manager is being exploited by threat actors to facilitate the deployment of e-skimmers that would then exfiltrate shoppers' personally identifiable information and payment card details, reports The Record, a news site by cybersecurity firm Recorded Future. More than 165,000 payment card records stolen through GTM container exploitation attacks have already been leaked to the dark web and payment cards compromised using e-skimmers deployed through GTM container exploitation may even be higher, according to a Recorded Future report. The findings also showed the e-skimmers were able to infect 569 e-commerce domains, 314 of which have been compromised through a GTM-based e-skimmer, while the remainder had data exfiltrated to GTM exploitation-linked domains. "We first highlighted the use of GTM in a report in 2021, and it has continued to be in active use to this date, in some cases still using the same malicious GTM buckets made public last year. Thus we believe that the use of GTM will remain unchanged unless Google remediates it by implementing active scanning for skimmer payloads inside the GTM-hosted buckets," said Recorded Future Director of Fraud Research Stas Alforov.