Website owners should secure their Google Tag Manager account and be on the lookout for injected code that would reference an additional GTM.

Several attacks I've looked at recently used a Google Tag Manager library to load credit card skimmers.

Here's an example and a couple of new #Magecart domains:
webstatlstics[.]com (skimmer)
info-select[.]com (exfiltration)