A large-scale web skimming operation has emerged across the internet, targeting online shoppers and account holders with unprecedented scope. <\/p>\n
Security researchers have identified an over 50-script global campaign that intercepts sensitive information during checkout and account creation processes. <\/p>\n
The attack demonstrates a significant evolution in how cybercriminals target e-commerce platforms, moving beyond simple credit card theft to stealing full customer identities.<\/p>\n
The campaign employs modular payloads designed for specific payment processors. Attackers have created localized variations that specifically target Stripe, Mollie, PagSeguro, OnePay, PayPal, and other major payment gateways. <\/p>\n
This customized approach allows the malware to blend seamlessly with legitimate payment interfaces, making detection significantly harder for both security teams and customers completing transactions.<\/p>\n
Source Defense Research analysts identified<\/a> the malware infrastructure, uncovering a sophisticated network of domain names used to distribute and control the attack. <\/p>\n Domains such as googlemanageranalytic.com, gtm-analyticsdn.com, and jquery-stupify.com were crafted to appear legitimate, often mimicking popular libraries and analytics services that websites normally load. <\/p>\n This deception allows the malicious scripts to execute without raising immediate suspicion.<\/p>\n Modular, localized payloads target Stripe, Mollie, PagSeguro, OnePay, PayPal & more. \u2014 Source Defense Research (@sdcyberresearch) December 29, 2025<\/a>\n<\/p><\/blockquote>\n\n
![\"\ud83d\udea8\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/1f6a8.png?ssl=1\")
Massive #Magecart<\/a> campaign uncovered
An over 50-script global operation hijacking checkout and account creation flows. <\/p>\n
Uses fake payment forms, phishing iframes, and silent #skimming<\/a>, plus\u2026 pic.twitter.com\/9wlHk5OmDH<\/a><\/p>\n