Web skimming attacks target major payment networks
NEWNow you can listen to News articles!
Online shopping is familiar and fast, but a hidden threat continues to operate behind the scenes.
Researchers are following a long-running web browsing campaign targeting businesses connected to major payment networks. Web skimming is a technique where criminals secretly add malicious code to checkout pages so they can steal payment details as shoppers enter them.
These attacks work silently within the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized charges appear in their statements.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
WHATSAPP WEB MALWARE AUTOMATICALLY SPREADS THE BANKING TROJAN
Web skimming attacks hide inside checkout pages and steal card data as shoppers enter it. (Kurt “CyberGuy” Knutsson)
What is Magecart and why is it important?
Magecart is the name researchers use for groups that specialize in web browsing attacks. These attacks focus on online stores where shoppers enter payment data during the checkout process. Instead of hacking banks or card networks directly, attackers insert malicious code into a store’s checkout page. That code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons, and payment processing.
In Magecart attacks, criminals abuse that same code to secretly copy card numbers, expiration dates, security codes, and billing details as shoppers enter them. The payment process still works and the purchase goes through, so there are no obvious warning signs. Magecart originally described attacks against Magento-based online stores. Today, the term is applied to web browsing campaigns on many e-commerce platforms and payment systems.
Which payment providers do you target?
Researchers say this campaign targets merchants linked to several major payment networks, including:
- American Express
- diners club
- Discover, a subsidiary of Capital One
- JCB Co., Ltd.
- MasterCard
- union pay
Large businesses that rely on these payment providers face increased risk due to complex websites and third-party integrations.
700CREDITO DATA BREACH EXPOSES THE SSNS OF 5.8 MILLION CONSUMERS
Criminals use hidden codes to copy payment details while the purchase is carried out normally. (Kurt “CyberGuy” Knutsson)
How attackers insert skimmers on payment pages
Attackers often enter through weak points that are easy to miss. Common entry routes include vulnerable third-party scripts, outdated plugins, and unpatched content management systems. Once inside, they inject JavaScript directly into the payment flow. The skimmer monitors form fields linked to card data and personal data, and then silently sends that information to servers controlled by the attacker.
Why web skimming attacks are difficult to detect
To avoid detection, malicious JavaScript is heavily obfuscated. Some versions can delete themselves when they detect an administrator session, making inspections appear clean. Investigators also discovered that the campaign uses bulletproof accommodation. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web skimmers run within the browser, they can bypass many server-side fraud controls used by merchants and payment providers.
Who is most affected by Magecart web skimming attacks?
Magecart campaigns impact three groups at the same time:
- Buyers who unknowingly provide their card details
- Merchants whose checkout pages are compromised
- Payment providers that detect fraud after the damage is done
This shared exposure makes detection slower and response more difficult.
NEW MALWARE CAN READ YOUR CHATS AND STEAL YOUR MONEY
Simple protections like virtual cards and transaction alerts can limit damage and expose fraud more quickly. (Kurt “CyberGuy” Knutsson)
How to stay safe as a buyer
While shoppers can’t fix compromised checkout pages, some smart habits can reduce exposure, limit the use of stolen data, and help detect fraud more quickly.
1) Use virtual or single-use cards
Virtual and single-use cards are digital card numbers that link to your actual credit or debit account without exposing the actual number. They work like a regular card at checkout, but add an extra layer of protection. Most people already have access to them through services they use every day, including:
Major banks and credit card issuers offering virtual card numbers within their apps
Mobile wallet apps like Apple Pay and Google Pay generate temporary card numbers for online purchases, keeping your real card number hidden.
Some payment apps and browser tools that create unique or merchant-blocked card numbers
A single-use card usually works for one purchase or expires shortly after use. A virtual card can remain active for a store and be paused or deleted later. If a web skimming attack captures one of these numbers, attackers generally can’t reuse it elsewhere or generate repeat charges, limiting financial damage and making fraud easier to stop.
2) Activate transaction alerts
Transaction alerts notify you when your card is used, even for small purchases. If web skimming leads to fraud, these alerts can quickly expose unauthorized charges and give you the opportunity to freeze the card before losses mount. For example, a $2 test charge on your card may indicate fraud before larger purchases appear.
3) Block financial accounts
Use strong, unique passwords for banking and card portals to reduce the risk of account takeover. A password manager helps generate and store passwords securely.
Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
4) Install powerful antivirus software
Strong antivirus software can block connections to malicious domains used to collect scanned data and warn you about unsafe websites.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Use a data removal service
Data erasure services can reduce the amount of personal information exposed online, making it difficult for criminals to link stolen card data to full identity details.
While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.
6) Be on the lookout for unexpected card activity
Review statements regularly, even for small charges, as attackers often test stolen cards with low-value transactions.
Kurt’s Key Takeaways
Magecart web analytics shows how attackers can exploit trusted checkout pages without disrupting the shopping experience. While consumers cannot repair compromised sites, simple security measures can reduce risk and help detect fraud early. Online payments depend on trust, but this campaign shows why that trust must always be accompanied by caution.
Does knowing how web skimming works make you reconsider how secure online payment really is? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.