{"id":21883,"date":"2025-02-13T14:51:43","date_gmt":"2025-02-13T17:51:43","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=21883"},"modified":"2025-02-17T12:14:46","modified_gmt":"2025-02-17T15:14:46","slug":"hackers-exploram-o-google-tag-manager","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2025\/02\/exploits\/hackers-exploram-o-google-tag-manager\/","title":{"rendered":"Hackers exploit Google Tag Manager"},"content":{"rendered":"\n<p class=\"story-title\"><strong>Hackers exploit Google Tag Manager to deploy credit card skimmers on Magento stores<\/strong><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-size: revert; color: initial;\">Recently, threat actors have been exploiting <\/span><strong style=\"font-size: revert; color: initial;\">Google Tag Manager (GTM)<\/strong><span style=\"font-size: revert; color: initial;\">\u00a0to inject\u00a0<\/span><strong style=\"font-size: revert; color: initial;\">credit card skimmers<\/strong><span style=\"font-size: revert; color: initial;\">\u00a0into e-commerce stores built on the\u00a0<\/span><strong style=\"font-size: revert; color: initial;\">Magento<\/strong><span style=\"font-size: revert; color: initial;\">\u00a0platform. These skimmers are malicious scripts that capture sensitive information entered by users during checkout, such as credit card numbers, and send it to attacker-controlled servers.<\/span><\/p>\n<div class=\"dad65929\">\n<div class=\"f9bf7997 d7dc56a8 c05b5566\">\n<div class=\"ds-markdown ds-markdown--block\">\n<p style=\"text-align: justify;\">In this article, we look at how this technique works, how the skimmers are injected and, above all, how you can use\u00a0<strong>Python<\/strong>\u00a0to mitigate this threat. 
We provide a practical example script to detect and remove malicious scripts in Magento stores.<\/p>\n<\/div>\n<\/div>\n<div class=\"f9bf7997 d7dc56a8 c05b5566\">\n<div class=\"ds-markdown ds-markdown--block\"><br \/>\n<p><strong>How does the attack work?<\/strong><\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\"><strong>Malicious script injection<\/strong>: The attackers inject a malicious script into the Google Tag Manager (GTM) of a Magento store. The script appears to be legitimate analytics or advertising code, but contains an obfuscated backdoor.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Persistence<\/strong>: The malicious script is loaded from a Magento database table (<code>cms_block.content<\/code>), ensuring that it remains active even after updates.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Data collection<\/strong>: During checkout, the script captures sensitive information, such as credit card numbers, and sends it to a remote server controlled by the attackers.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Impact of the attack<\/strong><\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\"><strong>Theft of financial data<\/strong>: Customers' credit card information is stolen, which can lead to financial fraud.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Reputational damage<\/strong>: Affected stores can lose customer trust and be penalized by search engines.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Legal consequences<\/strong>: As seen in the recent case involving two Romanians, those responsible for these attacks can face criminal charges and severe 
penalties.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<\/div>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgwuJSKhiPmlEdBdBTyjTLrj-Nn6ej40KVyY8VNje-dMITn0-gYgCiiylW8J3i5d85rBsmpcDb3iSaX7E4vS-coHvQyrDCZ3xy19gUYnfolbhTz2-JQHvcrqMu2M3lI0GsqNfVDfYZSqjGfFoydXdAIu5xlzCMR2TFKFninrn23-PFV_DglQji4lrNlVAWd\/s728-rw-e365\/code.png\" width=\"622\" height=\"352\" \/><\/p>\n<div class=\"f9bf7997 d7dc56a8 c05b5566\">\n<div class=\"ds-markdown ds-markdown--block\"><br \/>\n<p><strong>Mitigation with Python<\/strong><\/p>\n<p style=\"text-align: justify;\">Below, we create a Python script to detect and remove malicious scripts in Magento stores. The script checks the content of the\u00a0<code>cms_block.content<\/code>\u00a0table for suspicious scripts and removes them.<\/p>\n<p>\u00a0<\/p>\n<p><strong>Skimmer detection and removal script<\/strong><\/p>\n<div class=\"md-code-block\">\n<pre><span class=\"token keyword\">import<\/span> pymysql\n<span class=\"token keyword\">import<\/span> re\n\n<span class=\"token comment\"># Magento database settings<\/span>\ndb_config <span class=\"token operator\">=<\/span> <span class=\"token punctuation\">{<\/span>\n    <span class=\"token string\">'host'<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token string\">'localhost'<\/span><span class=\"token punctuation\">,<\/span>\n    <span class=\"token string\">'user'<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token string\">'magento_user'<\/span><span class=\"token punctuation\">,<\/span>\n    <span class=\"token string\">'password'<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token string\">'sua_senha'<\/span><span class=\"token punctuation\">,<\/span>\n    <span class=\"token string\">'database'<\/span><span class=\"token punctuation\">:<\/span> <span class=\"token 
string\">'magento_db'<\/span><span class=\"token punctuation\">,<\/span>\n<span class=\"token punctuation\">}<\/span>\n\n<span class=\"token comment\"># Regular expression to detect suspicious scripts (also consumes the closing tag so no orphan is left behind)<\/span>\nscript_regex <span class=\"token operator\">=<\/span> re<span class=\"token punctuation\">.<\/span><span class=\"token builtin\">compile<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">r\"&lt;script[^&gt;]*src=['\\\"][^'\\\"]*skimmer[^'\\\"]*['\\\"][^&gt;]*&gt;(?:\\s*&lt;\/script&gt;)?\"<\/span><span class=\"token punctuation\">,<\/span> re<span class=\"token punctuation\">.<\/span>IGNORECASE<span class=\"token punctuation\">)<\/span>\n\n<span class=\"token keyword\">def<\/span> <span class=\"token function\">verificar_e_limpar_skimmers<\/span><span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">try<\/span><span class=\"token punctuation\">:<\/span>\n        <span class=\"token comment\"># Connect to the database<\/span>\n        conexao <span class=\"token operator\">=<\/span> pymysql<span class=\"token punctuation\">.<\/span>connect<span class=\"token punctuation\">(<\/span><span class=\"token operator\">**<\/span>db_config<span class=\"token punctuation\">)<\/span>\n        cursor <span class=\"token operator\">=<\/span> conexao<span class=\"token punctuation\">.<\/span>cursor<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n\n        <span class=\"token comment\"># Query the content of the cms_block.content table<\/span>\n        cursor<span class=\"token punctuation\">.<\/span>execute<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"SELECT block_id, content FROM cms_block\"<\/span><span class=\"token punctuation\">)<\/span>\n        blocos <span class=\"token operator\">=<\/span> cursor<span class=\"token punctuation\">.<\/span>fetchall<span class=\"token punctuation\">(<\/span><span 
class=\"token punctuation\">)<\/span>\n\n        <span class=\"token keyword\">for<\/span> bloco <span class=\"token keyword\">in<\/span> blocos<span class=\"token punctuation\">:<\/span>\n            block_id<span class=\"token punctuation\">,<\/span> content <span class=\"token operator\">=<\/span> bloco\n            <span class=\"token keyword\">if<\/span> content <span class=\"token keyword\">and<\/span> script_regex<span class=\"token punctuation\">.<\/span>search<span class=\"token punctuation\">(<\/span>content<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">:<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[ALERTA] Script malicioso detectado no bloco ID <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>block_id<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n\n                <span class=\"token comment\"># Remove the malicious script<\/span>\n                novo_conteudo <span class=\"token operator\">=<\/span> script_regex<span class=\"token punctuation\">.<\/span>sub<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"\"<\/span><span class=\"token punctuation\">,<\/span> content<span class=\"token punctuation\">)<\/span>\n                cursor<span class=\"token punctuation\">.<\/span>execute<span class=\"token punctuation\">(<\/span><span class=\"token string\">\"UPDATE cms_block SET content = %s WHERE block_id = %s\"<\/span><span class=\"token punctuation\">,<\/span> <span class=\"token punctuation\">(<\/span>novo_conteudo<span class=\"token punctuation\">,<\/span> block_id<span class=\"token punctuation\">)<\/span><span class=\"token punctuation\">)<\/span>\n                conexao<span class=\"token punctuation\">.<\/span>commit<span class=\"token punctuation\">(<\/span><span 
class=\"token punctuation\">)<\/span>\n                <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"[INFO] Script malicioso removido do bloco ID <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>block_id<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n\n        <span class=\"token comment\"># Close the database connection<\/span>\n        cursor<span class=\"token punctuation\">.<\/span>close<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n        conexao<span class=\"token punctuation\">.<\/span>close<span class=\"token punctuation\">(<\/span><span class=\"token punctuation\">)<\/span>\n\n    <span class=\"token keyword\">except<\/span> Exception <span class=\"token keyword\">as<\/span> e<span class=\"token punctuation\">:<\/span>\n        <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string-interpolation\"><span class=\"token string\">f\"Erro ao acessar o banco de dados: <\/span><span class=\"token interpolation\"><span class=\"token punctuation\">{<\/span>e<span class=\"token punctuation\">}<\/span><\/span><span class=\"token string\">\"<\/span><\/span><span class=\"token punctuation\">)<\/span>\n\n<span class=\"token keyword\">if<\/span> __name__ <span class=\"token operator\">==<\/span> <span class=\"token string\">\"__main__\"<\/span><span class=\"token punctuation\">:<\/span>\n    <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"[*] Iniciando verifica\u00e7\u00e3o de skimmers...\"<\/span><span class=\"token punctuation\">)<\/span>\n    verificar_e_limpar_skimmers<span class=\"token punctuation\">(<\/span><span class=\"token 
punctuation\">)<\/span>\n    <span class=\"token keyword\">print<\/span><span class=\"token punctuation\">(<\/span><span class=\"token string\">\"[*] Verifica\u00e7\u00e3o conclu\u00edda.\"<\/span><span class=\"token punctuation\">)<\/span><\/pre>\n<\/div>\n<p><strong>How does it work?<\/strong><\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\"><strong>Database connection<\/strong>: The script connects to the Magento database using the\u00a0<code>pymysql<\/code> library.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Content query<\/strong>: It queries the\u00a0<code>cms_block.content<\/code>\u00a0table for blocks that contain suspicious scripts.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Skimmer detection<\/strong>: It uses a regular expression (<code>script_regex<\/code>) to identify malicious scripts that contain the word &#8220;skimmer&#8221; or similar patterns.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Script removal<\/strong>: If a malicious script is detected, it is removed from the block content and the database is updated.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>How to use it?<\/strong><\/p>\n<ul>\n<li>\n<p><strong>Install\u00a0<code>pymysql<\/code><\/strong>: If you do not yet have the\u00a0<code>pymysql<\/code> library, install it with:<\/p>\n<div class=\"md-code-block\">\n<pre>pip <span class=\"token function\">install<\/span> pymysql<\/pre>\n<\/div>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Configure the database<\/strong>: Replace the credentials in the\u00a0<code>db_config<\/code>\u00a0dictionary with your Magento database details.<\/p>\n<\/li>\n<li>\n<p><strong>Run the script<\/strong>: Run the script periodically to check for and clean up possible 
skimmers.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Additional prevention<\/strong><\/p>\n<p>Besides using the script above, consider the following practices to protect your Magento store:<\/p>\n<ul>\n<li>\n<p style=\"text-align: justify;\"><strong>Audit Google Tag Manager<\/strong>: Regularly review the tags and scripts in GTM to make sure there is no malicious code.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Update plugins and extensions<\/strong>: Keep all plugins and extensions up to date to avoid known vulnerabilities.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Monitor traffic<\/strong>: Use monitoring tools to detect suspicious activity, such as connections to unknown servers.<\/p>\n<\/li>\n<li>\n<p style=\"text-align: justify;\"><strong>Educate the team<\/strong>: Train your team to recognize and avoid social engineering practices that can lead to compromise.<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\">Exploiting Google Tag Manager to inject skimmers into Magento stores is a serious threat that can result in theft of financial data and damage to the store's reputation. However, with tools like the Python script presented here, it is possible to detect and remove malicious scripts proactively.<\/p>\n<p style=\"text-align: justify;\">Remember that cybersecurity is an ongoing process. 
Keep your systems up to date, monitor suspicious activity and adopt robust security practices to protect your store and your customers.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p>\u00a0<\/p>\n<div class=\"dad65929\">\n<div class=\"f9bf7997 d7dc56a8 c05b5566\">\n<div class=\"ds-markdown ds-markdown--block\">\n<p>Source and images: <a href=\"https:\/\/thehackernews.com\/2025\/02\/hackers-exploit-google-tag-manager-to.html\" target=\"_blank\" rel=\"noopener\">https:\/\/thehackernews.com\/2025\/02\/hackers-exploit-google-tag-manager-to.html<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Hackers exploit Google Tag Manager to deploy credit card skimmers on Magento stores Recently, threat actors have been exploiting Google Tag Manager (GTM)\u00a0to inject\u00a0credit card skimmers\u00a0into e-commerce stores built on the\u00a0Magento platform. 
These skimmers are malicious scripts that capture sensitive information entered by users during checkout, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":21891,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-21883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=21883"}],"version-history":[{"count":6,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21883\/revisions"}],"predecessor-version":[{"id":21889,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/21883\/revisions\/21889"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/21891"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=21883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=21883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=21883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}