Malwarebytes has discovered a legitimate web site collecting donations for the victims of the Australia bushfires that has been compromised by a Magecart script. The attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off to a remote site under the attacker’s control. The same script is currently active on 39 other web sites and could be modified by hackers to enable the skimming script again.
Source: https://www.bleepingcomputer.com/news/security/australia-bushfire-donors-affected-by-credit-card-skimming-attack/