Magecart injects JavaScript into popular websites to skim for payment data through point-of-sale portals. The malware can check for card details and, once a validation is secured, the information is sent back to its operators.
“While digital skimmers have been around for years, the customized use of skimmers in attacks that target large e-commerce businesses is more recent. But what remains the same is what bad actors exploit: website design and operations processes that pay insufficient attention to insecure or unauthorized third-party code,” said Mike Bittner, associate director of Digital Security and Operations for The Media Trust, in an email to sister publication CIO Dive.
