Magecart skimmers would evade detection by sleeping if any developer tools were found running. Magecart now sends a fingerprint of you on an external server. The malware itself has a nodejs hook, probably for the malware author. The obfuscated tripwire is attached to a (dummy) copy of jQuery-Mask that is served on non-checkout pages. It disables all kinds of logging to the console. It wont do any reporting on mobile devices. The authors now likely have a list of IPs of interested parties.”]
Source: https://gwillem.gitlab.io/2018/10/04/magecart-tripwire/