Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms. Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems. The latest attack is a little different in that the skimmer code is introduced into the merchant site dynamically at the server-side.
Source: https://thehackernews.com/2021/05/magecart-hackers-now-hide-php-based.html