A credit card skimmer that uses CSS code to blend within the pages of a compromised online store to steal customers’ personal and payment information. The skimmer’s creators successfully bypassed detection by automated security scanners and avoided raising any flags even when examined in manual security code audits. This happened because scanners aren’t commonly scanning CSS files for malicious code. The Magecart group has started to “experiment”” with progressively more advanced techniques to inject their malicious scripts and exfiltrate customers’ payment card info.”
Source: https://www.bleepingcomputer.com/news/security/credit-card-stealer-hides-in-css-files-of-hacked-online-stores/