Magecart threat actors have been spotted using Salesforce’s Heroku cloud application platform to host their card skimming scripts and to store stolen payment card info. Malwarebytes’ Threat Intelligence team found multiple examples of Heroku-hosted Magecart skimmers. Magecart groups are exploiting vulnerable e-commerce stores as part of so-called e-skimming attacks by injecting malicious JavaScript-based scripts into checkout pages. Their end goal is of harvesting payment info submitted by their customers and sending it to remote sites.
Source: https://www.bleepingcomputer.com/news/security/salesforce-s-heroku-used-to-host-magecart-skimmers-stolen-cards/