Hackers abused Stripe and Google Tag Manager to launch a credit card theft campaign and host stolen payment details
Date:
Fri, 05 Jun 2026 17:15:00 +0000
Description:
Google Tag Manager is also abused in this campaign.
FULL STORY ======================================================================
- Attackers abuse Stripe API via Google Tag Manager
- Malware skims checkout data from compromised Magento sites
- Stolen card details exfiltrated through api.stripe.com
Cybercriminals have turned Stripe into a malware hosting platform in a new attack that steals payment information from online shoppers. This is according to cybersecurity researchers Sansec, who discovered the campaign earlier this week.
Sansec says that the attackers managed to compromise certain Magento/Adobe Commerce store websites and add a malicious Google Tag Manager (GTM) container. When a shopper visits the website, the browser loads the GTM container from Google's servers, and when they reach checkout, the GTM code makes a request to Stripe's API.
Stealing the information
GTM is a free tool that lets website owners manage tracking, analytics, and other scripts on a website without directly modifying the site's code. Since GTM is a widely used tool, loading code from googletagmanager.com looks completely normal and raises no red flags.
Since Stripe is an online payment processing platform that enables businesses to process financial transactions over the internet, the request to its API does not look like foul play either. But the GTM code actually retrieves a Stripe customer record controlled by the attackers, inside which are pieces of malicious JavaScript. The website downloads those pieces, reassembles them into a working script, then runs it in the browser, turning Stripe into a storage locker for malware code.
Once that script is running, it starts watching the checkout page, so when the victim types in their card details, the script copies everything, including the card number, CVV, name, address, and other relevant details.
Instead of sending the data to the attackers immediately, the malware first combines all stolen information into one string, applies XOR obfuscation, and stores the result locally in the browser. It then splits the stolen data into two chunks, creates a fake Stripe customer object in the attackers' Stripe account, and uploads the stolen information.
"Both the payload and the stolen cards move through api.stripe.com. Stores allow that domain by default, so the skimmer slips past Content Security Policy rules and network filters that would otherwise flag traffic to an unknown skimmer domain," Sansec explained.
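Because the payload and the stolen data travel to a host the store already allows, a host-level rule cannot separate them from real payment traffic, but a path-level audit can. The following is an added example, not code from Sansec or the article: it classifies a constructed list of browser requests and flags calls to Stripe's customer endpoints, assuming the store's own checkout only uses the paths in the hypothetical allow-list.

```javascript
// Audit browser-observed requests (for example from a HAR capture of the
// checkout page) for Stripe customer-object traffic.
// Assumption: this store's front end never touches customer objects from the
// browser; ALLOWED_BROWSER_PATHS is a hypothetical list, adjust it per store.
const STRIPE_API_HOST = "api.stripe.com";
const CUSTOMER_PATH = /^\/v1\/customers(\/|$)/;
const ALLOWED_BROWSER_PATHS = [
  /^\/v1\/tokens$/,
  /^\/v1\/payment_methods$/,
  /^\/v1\/payment_intents\/[^/]+\/confirm$/,
];

function classifyRequest(req) {
  let url;
  try {
    url = new URL(req.url);
  } catch {
    return { verdict: "ignore", reason: "unparseable URL" };
  }
  if (url.hostname !== STRIPE_API_HOST) {
    return { verdict: "ignore", reason: "not the Stripe API" };
  }
  if (CUSTOMER_PATH.test(url.pathname)) {
    const action = req.method === "GET" ? "reads" : "writes";
    return { verdict: "alert", reason: `browser ${action} a Stripe customer object` };
  }
  if (ALLOWED_BROWSER_PATHS.some((re) => re.test(url.pathname))) {
    return { verdict: "ok", reason: "expected checkout call" };
  }
  return { verdict: "review", reason: "Stripe API path not on the allow-list" };
}

// Return only the requests an analyst needs to look at.
function auditRequests(requests) {
  return requests
    .map((r) => ({ ...r, ...classifyRequest(r) }))
    .filter((r) => r.verdict === "alert" || r.verdict === "review");
}

// Constructed sample data; every identifier below is a placeholder.
const SAMPLE_REQUESTS = [
  { method: "GET", url: "https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE" },
  { method: "POST", url: "https://api.stripe.com/v1/payment_methods" },
  { method: "GET", url: "https://api.stripe.com/v1/customers/cus_EXAMPLE" },
  { method: "POST", url: "https://api.stripe.com/v1/customers" },
  { method: "GET", url: "https://api.stripe.com/v1/balance" },
];
console.log(auditRequests(SAMPLE_REQUESTS));
```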
======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-abused-stripe-and-google-tag-manager-to-launch-a-credit-card-theft-campaign-and-host-stolen-payment-details
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)