Retailers are on high alert during holiday season of Magecart attacks, which implant malicious computer code into websites and third-party suppliers of digital systems to steal credit card info. Earlier this month, a researcher reported that the Magecart gang used a new technique for hijacking PayPal transactions during checkout. (Justin Sullivan/Getty Images)
Cybercriminals engaging in Magecart schemes are becoming increasingly adept at hiding payment skimmers within innocuous-looking website files and features, as evidenced by two recently discovered schemes in which attackers concealed their malware inside social media buttons and CSS files.
These two campaigns planted and executed the skimmerâs code on the client side. However, the threat thatâs particularly growing in stature is the server-side skimmer attack, said the man who reported these two attacks, Willem de Groot, founder of SanSec (Sanguine Security) in the Netherlands.