Quote:A joint report released today by cyber-security firms RisqIQ and Flashpoint provides a 60-page deep technical dive into the activities of several cyber-criminals groups that have been active in the past three years hacking online stores to secretly log and steal payment card details entered inside checkout forms.

All these hacks usually follow a well-established pattern. The first step is for hackers to gain access to an online store's backend.
Initial Magecart attacks targeted Magento stores. Hackers used automated scanners to search the Internet for Magento stores and used vulnerabilities in the Magento CMS or its plugins to gain an initial foothold on infected systems.

Hackers would then modify the site's source code, making the hacked site load a piece of JavaScript code that would watch the payment form on checkout pages for new data entered by users.
The malicious script --which initially received the name of Magecart malware-- would collect all data entered by a user inside these forms and later send it to a remote server under the attacker's control.