A new malware campaign targeting Magento-based online stores has surfaced, with cybercriminals injecting digital skimmers to steal credit card details. These skimmers capture information like card numbers, expiration dates, and CVV codes during the checkout process. The attackers exploited a common vulnerability across hundreds of stores, resulting in over a dozen websites receiving stolen data. Security measures blocked more than 1,121 theft attempts within days, protecting users who visited compromised stores.
The campaign shows how digital skimmers can hide within legitimate websites, making them hard to detect. Even users of external payment processors like Quickpay had their payment details intercepted before processing. Security solutions like Malwarebytes can block this malicious activity, but shoppers should stay alert. Store owners have begun removing the malicious code and suspending affected websites.