Retailers are on high alert during holiday season of Magecart attacks, which implant malicious computer code into websites and third-party suppliers of digital systems to steal credit card info. Earlier this month, a researcher reported that the Magecart gang used a new technique for hijacking PayPal transactions during checkout. (Justin Sullivan/Getty Images)

Cybercriminals engaging in Magecart schemes are becoming increasingly adept at hiding payment skimmers within innocuous-looking website files and features, as evidenced by two recently discovered schemes in which attackers concealed their malware inside social media buttons and CSS files.

These two campaigns planted and executed the skimmer’s code on the client side. However, the threat that’s particularly growing in stature is the server-side skimmer attack, said the man who reported these two attacks, Willem de Groot, founder of SanSec (Sanguine Security) in the Netherlands.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.