Magecart Veteran ATMZOW Explores New Domains in Google Tag Manager: A Detailed Analysis

In a recent revelation, Magecart Veteran ATMZOW has unearthed 40 new domains within the realms of Google Tag Manager (GTM), shedding light on the evolving tactics employed by cybercriminals. This development has raised concerns within the cybersecurity community, given the widespread usage of GTM and its potential as a gateway for hackers to infiltrate websites with malicious code. In this article, we delve into the significance of GTM for hackers, analyze the novel obfuscation methods employed by the malicious code, examine the usage of GTM containers in e-commerce malware, track the development of the notorious ATMZOW skimmer, discuss the increased complexity in obfuscation techniques, review the list of newly registered domains, explore the technique used to extend the campaign’s duration, and highlight the creation of new containers and subsequent reinfection of compromised websites.

Importance of Google Tag Manager for Hackers

Google Tag Manager has become an attractive target for cybercriminals due to its extensive usage across millions of websites. Its integration enables hackers to insert HTML code and custom scripts through a script derived from the reputable domain, googletagmanager[.]com. This, in turn, grants them unauthorized access, putting the security of countless websites at risk.

Analysis of New Obfuscation Methods

Researchers at Sucuri have closely analyzed the evolving obfuscation methods employed by the malicious code injected via GTM. By employing newer techniques of obfuscation, hackers strive to mask their activities and evade detection by security mechanisms. The comprehensive examination of these methods serves as a key component in understanding and combating such attacks.

Examination of GTM Containers in E-commerce Malware

The potential use of GTM containers in e-commerce malware has sparked concerns within the cybersecurity landscape. By leveraging the trusted framework of GTM, cybercriminals can compromise payment gateways and siphon sensitive financial data. Understanding this modus operandi is crucial in strengthening the security measures employed by online retailers and safeguarding consumer information.

Tracking the Development of ATMZOW Skimmer

The notorious ATMZOW skimmer, responsible for several Magento website infections since 2015, has been an ongoing concern for businesses operating in the e-commerce space. The skimmer, intricately linked to Magecart campaigns, has constantly evolved and adapted over the years, highlighting the importance of tracking its development to stay one step ahead of cyber adversaries.

Increased Complexity in Obfuscation Techniques

The newly discovered GTM-TVKQ79ZS container has introduced additional layers of complexity to its obfuscation techniques. This heightened sophistication enables the concealment of all associated domains and activation conditions, making it increasingly challenging for security analysts to identify and mitigate the threat effectively. Emphasizing the need for robust security measures, this development compels cybersecurity professionals to stay attuned to the evolving tactics of cybercriminals.

List of 40 Newly Registered Domains

As part of their strategy to fly under the radar, the hacker behind the ATMZOW skimmer has meticulously registered 40 new domains. These domains serve as an additional layer in their skimming process, exploiting the unsuspecting nature of users and extending the duration of their malicious campaign. By utilizing a combination of three English words with specific patterns, the attacker successfully evades rapid identification and blockage of each individual domain.

Technique to Extend Campaign Duration

By employing the aforementioned pattern-based domain names, the hacker inadvertently extends the campaign’s duration. The deliberate avoidance of predictable domain patterns not only hampers the ability to swiftly block all malicious domains but also increases the chances of a prolonged compromise. This technique frustrates efforts to disrupt the attacker’s activities and underscores the need to remain vigilant in the ever-changing threat landscape.

Creation of New Containers and Reinfection

The threat actor responsible for the ATMZOW skimmer continues to refine their approach. This time, they have created two new containers – GTM-NTV2JTB4 and GTM-MX7L8F2M – embedding the same malicious script. With these containers, the attacker aims to reinfect compromised websites, further amplifying the potential damage caused by their skimming operation. This cycle of reinfection poses significant challenges to the victims, necessitating swift remediation and heightened security measures.

The discovery of 40 new domains within Google Tag Manager by Magecart Veteran ATMZOW raises concerns about the ever-evolving techniques employed by cybercriminals. The usage of GTM as a means to inject malicious code and scripts highlights the need for increased vigilance and robust security measures. With an in-depth analysis of obfuscation methods, examination of GTM containers in e-commerce malware, tracking of the ATMZOW skimmer’s development, and exploration of various tactics employed by the hacker, businesses and individuals can better equip themselves to mitigate the risks and protect their online assets. As cyber threats continue to evolve, it is imperative to stay informed and proactive in countering these malicious activities.

Explore more

Vivo X Fold 6 – Review

The arrival of the Vivo X Fold 6 marks a pivotal moment where foldable devices transcend their status as fragile novelties to become the primary choice for power users. This transition represents a significant advancement in the mobile sector, pushing the boundaries of what a single handset can accomplish. By merging a book-style form factor with the raw performance of

Oppo Reno16 Series – Review

The modern smartphone market has reached a peculiar crossroads where the distinction between mid-range utility and flagship luxury is no longer defined by features but by the audacity of a manufacturer’s pricing strategy. Traditional product cycles often prioritize incremental updates, but this latest iteration signals a departure from conservative engineering. By integrating components usually reserved for the highest echelon of

AI Adoption Fails Without Proper Workforce Readiness

Ling-yi Tsai is a formidable force in the HRTech sector, possessing decades of experience guiding global organizations through the complex labyrinth of digital evolution. Her mastery of HR analytics and her tactical approach to integrating technology across recruitment and talent management have made her a sought-after advisor for companies looking to bridge the gap between human potential and machine efficiency.

The Human Infrastructure Powering Artificial Intelligence

The seamless flicker of a chatbot’s reply or the effortless lane change of a driverless vehicle often masks a vast, invisible network of human cognitive labor that makes such digital grace possible. While the marketing of advanced technology frequently paints a picture of silicon brains evolving in isolation, the underlying reality is a global assembly line of human intelligence. Every

Bruce Clay Leaves a Lasting Legacy as the Father of SEO

The Architect of an Industry and the Importance of Digital Frameworks The digital landscape we navigate today was not born out of thin air but was meticulously shaped by a few visionary thinkers who saw the potential of the internet long before it became a global marketplace. Among these pioneers, Bruce Clay stood as a singular figure whose influence spanned