Cybercriminals tend to follow the money so with retail shopping dramatically shifting to the web due to the COVID-19 shutdown of brick and mortar retailers, researchers are seeing an increased use in online payment card skimming malware.

Malwarebytes has tracked a 26 percent increase in the number of such skimmers in use in March 2020 compared to February. A smaller increase was spotted in February with skimming attempts up a slight 2.6 percent over January, which coincides with countries beginning to implement stay at home measures to defeat the virus.

“While this might not seem like a dramatic jump, digital credit card skimming was already on the rise prior to COVID-19, and this trend will likely continue into the near future,” said Jérôme Segura, Malwarebytes, director of threat intelligence.

The Magecart group of skimming gangs has been the primary force attacking retailers or any organization that collects money for services online. Malwarebytes data, however, did not attribute the increase to Magecart or any other malicious actors.

The United States is bearing the brunt, 74 percent, of the card skimmer activity followed by Canada and Australia. Segura believes this is due to the more severe quarantine measures put in place. Italy and Spain do not even appear on the list, a fact Segura attributed to online shopping habits in those countries as opposed to the idea criminals are simply not targeting those populations.

Malwarebytes tracking efforts also noted the heaviest skimming day is Monday with attempts tailing off as the week progresses finally bottoming out on the weekend. This is not due to the criminals being on a schedule, but is following a long established consumer shopping pattern that sees the heaviest amount of shopping taking place earlier in the week, Segura said.