Magecart Veteran ATMZOW Explores New Domains in Google Tag Manager: A Detailed Analysis

In a recent revelation, Magecart Veteran ATMZOW has unearthed 40 new domains within the realms of Google Tag Manager (GTM), shedding light on the evolving tactics employed by cybercriminals. This development has raised concerns within the cybersecurity community, given the widespread usage of GTM and its potential as a gateway for hackers to infiltrate websites with malicious code. In this article, we delve into the significance of GTM for hackers, analyze the novel obfuscation methods employed by the malicious code, examine the usage of GTM containers in e-commerce malware, track the development of the notorious ATMZOW skimmer, discuss the increased complexity in obfuscation techniques, review the list of newly registered domains, explore the technique used to extend the campaign’s duration, and highlight the creation of new containers and subsequent reinfection of compromised websites.

Importance of Google Tag Manager for Hackers

Google Tag Manager has become an attractive target for cybercriminals due to its extensive usage across millions of websites. Its integration enables hackers to insert HTML code and custom scripts through a script derived from the reputable domain, googletagmanager[.]com. This, in turn, grants them unauthorized access, putting the security of countless websites at risk.

Analysis of New Obfuscation Methods

Researchers at Sucuri have closely analyzed the evolving obfuscation methods employed by the malicious code injected via GTM. By employing newer techniques of obfuscation, hackers strive to mask their activities and evade detection by security mechanisms. The comprehensive examination of these methods serves as a key component in understanding and combating such attacks.

Examination of GTM Containers in E-commerce Malware

The potential use of GTM containers in e-commerce malware has sparked concerns within the cybersecurity landscape. By leveraging the trusted framework of GTM, cybercriminals can compromise payment gateways and siphon sensitive financial data. Understanding this modus operandi is crucial in strengthening the security measures employed by online retailers and safeguarding consumer information.

Tracking the Development of ATMZOW Skimmer

The notorious ATMZOW skimmer, responsible for several Magento website infections since 2015, has been an ongoing concern for businesses operating in the e-commerce space. The skimmer, intricately linked to Magecart campaigns, has constantly evolved and adapted over the years, highlighting the importance of tracking its development to stay one step ahead of cyber adversaries.

Increased Complexity in Obfuscation Techniques

The newly discovered GTM-TVKQ79ZS container has introduced additional layers of complexity to its obfuscation techniques. This heightened sophistication enables the concealment of all associated domains and activation conditions, making it increasingly challenging for security analysts to identify and mitigate the threat effectively. Emphasizing the need for robust security measures, this development compels cybersecurity professionals to stay attuned to the evolving tactics of cybercriminals.

List of 40 Newly Registered Domains

As part of their strategy to fly under the radar, the hacker behind the ATMZOW skimmer has meticulously registered 40 new domains. These domains serve as an additional layer in their skimming process, exploiting the unsuspecting nature of users and extending the duration of their malicious campaign. By utilizing a combination of three English words with specific patterns, the attacker successfully evades rapid identification and blockage of each individual domain.

Technique to Extend Campaign Duration

By employing the aforementioned pattern-based domain names, the hacker inadvertently extends the campaign’s duration. The deliberate avoidance of predictable domain patterns not only hampers the ability to swiftly block all malicious domains but also increases the chances of a prolonged compromise. This technique frustrates efforts to disrupt the attacker’s activities and underscores the need to remain vigilant in the ever-changing threat landscape.

Creation of New Containers and Reinfection

The threat actor responsible for the ATMZOW skimmer continues to refine their approach. This time, they have created two new containers – GTM-NTV2JTB4 and GTM-MX7L8F2M – embedding the same malicious script. With these containers, the attacker aims to reinfect compromised websites, further amplifying the potential damage caused by their skimming operation. This cycle of reinfection poses significant challenges to the victims, necessitating swift remediation and heightened security measures.

The discovery of 40 new domains within Google Tag Manager by Magecart Veteran ATMZOW raises concerns about the ever-evolving techniques employed by cybercriminals. The usage of GTM as a means to inject malicious code and scripts highlights the need for increased vigilance and robust security measures. With an in-depth analysis of obfuscation methods, examination of GTM containers in e-commerce malware, tracking of the ATMZOW skimmer’s development, and exploration of various tactics employed by the hacker, businesses and individuals can better equip themselves to mitigate the risks and protect their online assets. As cyber threats continue to evolve, it is imperative to stay informed and proactive in countering these malicious activities.

Explore more

How Is AI Revolutionizing Payroll in HR Management?

Imagine a scenario where payroll errors cost a multinational corporation millions annually due to manual miscalculations and delayed corrections, shaking employee trust and straining HR resources. This is not a far-fetched situation but a reality many organizations faced before the advent of cutting-edge technology. Payroll, once considered a mundane back-office task, has emerged as a critical pillar of employee satisfaction

AI-Driven B2B Marketing – Review

Setting the Stage for AI in B2B Marketing Imagine a marketing landscape where 80% of repetitive tasks are handled not by teams of professionals, but by intelligent systems that draft content, analyze data, and target buyers with precision, transforming the reality of B2B marketing in 2025. Artificial intelligence (AI) has emerged as a powerful force in this space, offering solutions

5 Ways Behavioral Science Boosts B2B Marketing Success

In today’s cutthroat B2B marketing arena, a staggering statistic reveals a harsh truth: over 70% of marketing emails go unopened, buried under an avalanche of digital clutter. Picture a meticulously crafted campaign—polished visuals, compelling data, and airtight logic—vanishing into the void of ignored inboxes and skipped LinkedIn posts. What if the key to breaking through isn’t just sharper tactics, but

Trend Analysis: Private Cloud Resurgence in APAC

In an era where public cloud solutions have long been heralded as the ultimate destination for enterprise IT, a surprising shift is unfolding across the Asia-Pacific (APAC) region, with private cloud infrastructure staging a remarkable comeback. This resurgence challenges the notion that public cloud is the only path forward, as businesses grapple with stringent data sovereignty laws, complex compliance requirements,

iPhone 17 Series Faces Price Hikes Due to US Tariffs

What happens when the sleek, cutting-edge device in your pocket becomes a casualty of global trade wars? As Apple unveils the iPhone 17 series this year, consumers are bracing for a jolt—not just from groundbreaking technology, but from price tags that sting more than ever. Reports suggest that tariffs imposed by the US on Chinese goods are driving costs upward,