Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout. A security researcher who identifies himself as Affable Kraut discovered the technique, which uses postMessage to inject convincing PayPal iframes into the checkout process of an online purchase. The attack does this by pre-filling fake PayPal forms to be displayed during a victim s checkout process instead of the legitimate one, which boosts the likelihood the person shopping will fall victim to the malicious action.
Source: https://threatpost.com/magecart-hijacks-paypal-transactions/161697/