https://www.bleepingcomputer.com/news/security/magecart-skimmer-hits-hundreds-of-sites-in-ad-supply-chain-attack/

Most attackers who utilize malicious scripts known as MageCart to steal payment information usually try to keep a low profile to stay undetected on the sites they compromise. New research shows how one MageCart criminal group recently compromised an advertising script to inject MageCart into hundreds of sites at the same time.

MageCart infections are when attackers compromise an ecommerce site to inject JavaScript into the checkout or cart pages. This script then steals credit card and address information entered into these pages and then sends it off to a remote server for the attackers to collect.