A credit card skimmer targeted sites hosted on Microsoft IIS servers that are running an out-of-date version of ASP.NET. Malwarebytes says the skimmer is not that different from others currently operating in how it collects and exfiltrates data. The skimmer steals payment card numbers and tries to also swipe passwords, although the latter activity is not correctly implemented and does not always work, according to security firm. The total number of potential targets number is not available.”]
Source: https://www.cuinfosecurity.com/card-skimmer-found-hitting-vulnerable-e-commerce-sites-a-14583