"Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout"

Researchers have recently discovered that the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout just in time for the Christmas holiday shopping season. The technique uses postMessage to inject convincing PayPal iframes into the checkout process of an online purchase.  Once the victim enters and submits payment info, the skimmer exfiltrates the data to apptegmaker.com, a domain registered in October 2020 and connected to tawktalk.com. The latter was seen used in previous Magecart group attacks. The skimmer then clicks the order button behind the malicious iframe and sends the victim back to the legitimate checkout page to complete the transaction.

Threatpost reports: "Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout"