WordPress Redirect Malware Hidden in Google Tag Manager Code
Last month, a customer contacted us after noticing their WordPress website was unexpectedly redirecting to a spam domain. The redirection occurred approximately 4-5 seconds after a user landed on the site.
Upon closer inspection of the site’s source code, we found a suspicious Google Tag Manager loading.
This isn’t the first time we’ve seen GTM abused. Earlier this year, we analyzed a credit card skimming attack where attackers injected a payment skimmer via a GTM container.
This blog post details our full investigation into this campaign, how it was injected, how it worked, and how we removed it.
To read the complete article see:
This post is licensed under CC BY 4.0 by the author.