Security researchers discovered a new batch of nine websites infected with malicious JavaScript that steals payment card info from online shoppers. Some of them were infected a second time and the script persisted, despite efforts from the researchers to contact the website owners. The script is attributed to MageCart Group 12, as per analysis from RiskIQ a threat actor that is changing tactics as their tricks are being published in security reports. The two researchers noticed that the skimmer is hosted on ‘toplevelstatic.com,’ which resolves to multiple IP addresses, mostly in Russia.
Source: https://www.bleepingcomputer.com/news/security/credit-card-skimmer-found-on-nine-sites-researchers-ignored/