Credit card skimming group Fullz House has compromised and injected the website of US mobile virtual network operator Boom! Mobile with a credit card stealer script. The attack is known as a MageCart attack (aka web skimming or e-skimming) It consists of threat actors injecting malicious JavaScript scripts within one or more sections of a compromised website. These scripts are then used by the hackers to steal payment or personal info submitted by the sites’ customers within e-commerce forms. The company site runs PHP version 5.6.40, a version unsupported since January 2019.
Source: https://www.bleepingcomputer.com/news/security/hacker-group-compromises-mobile-provider-to-steal-credit-cards/