A credit card skimmer targeted sites hosted on Microsoft IIS servers that are running an out-of-date version of ASP.NET. Malwarebytes says the skimmer is not that different from others currently operating in how it collects and exfiltrates data. The skimmer steals payment card numbers and tries to also swipe passwords, although the latter activity is not correctly implemented and does not always work. The total number of potential targets number is not available, security firm says. About 27 million websites are currently run on ASP.net 4.0.30319.”]
Source: https://www.databreachtoday.com/card-skimmer-found-hitting-vulnerable-e-commerce-sites-a-14583