A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Malwarebytes’ security researchers discovered the piggybacking skimmer while investigating a massive wave of compromised online stores running out of support Magento 1 installations. A second skimmer will simply harvest credit card details from the already existing fake form injected by the previous attackers. The FBI advises site owners to keep their software updated as one of the main mitigation measures against Magecart attacks.
Source: https://www.bleepingcomputer.com/news/security/malicious-script-steals-credit-card-info-stolen-by-other-hackers/