Here is an example of an infected Google Tag Manager with symptoms such as a WordPress site redirecting to another site (clicking a button jumps to a different site).
Malware contained in Google Tag Manager not detected by malware inspection within WordPress
Google Tag Manager is a service that allows you to add various features to your site from Google’s admin panel and embed the program in WordPress in bulk.
If there is a malware (malicious code, virus) infected file in this tag manager, it cannot be detected no matter how much you scan the files on WordPress because the file exists on Google’s servers.
If the malware cannot be detected by the malware detection plugin, we recommend that you suspect the tag manager, since this is a program that resides on Google’s system.
Malware transmitted by api.dot-metrix.com
api.dot-metrix.com was originally a service that provided access analysis and was used by many companies. However, the service was terminated last year, and the domain has been acquired by another user.
This user (hacker) has re-created a malware distribution site on the exact same address, api.dot-metrix.com, that misdirects users to an unintended page by clicking a page or a button on the site, and has been using the api.dot-metrix.com service as the site that was originally used. We have received requests for malware removal from sites that originally used the api.dot-metrix.com service and still have the tag on the site.
Prevent malware distribution by api.dot-metrix.com
If your Google Tag Manager includes services provided by the dot-metrix.com domain, please remove that part. Even if it is not in the tag manager, it may be listed directly in the database or theme header, so please inspect these as well.
(Malicious code from dot-metrix.com found directly in your site’s database or files can be detected with the [Free] WordPress: Malware Scanning & Security Plugin [Malware and Virus Detection and Removal] ).