MAGECART RETURNS: THREAT ACTORS REBRAND GTM-HIDING ATTACKS June 3, 2025 The Source Defense Research Team has observed an infrastructure shift in a persistent Magecart campaign. The attackers have reactivated a previously dormant domain—jqueri[.]at—continuing their established strategy of hiding malicious scripts behind Google Tag Manager (GTM) containers. This move is part of an ongoing effort to stay ahead The post Magecart returns: threat actors rebrand GTM-hiding attacks appeared fir...
