Cybercriminals have upgraded their credit card skimming scripts to use an iframe-based phishing system designed to phish for credit/debit card info from Magento-powered store customers on checkout. Magecart groups usually inject JavaScript-based payment data skimmers within the code of the website, with the scripts collecting and exfiltrating payment information in the background and customers never even noticing that it happened. The new method one-ups Magecart Goup 4’s devious strategy by displaying a credit card phishing form on the page where customers are redirected to the payment service provider (PSP)
Source: https://www.bleepingcomputer.com/news/security/hackers-steal-payment-card-data-using-rogue-iframe-phishing/