https://arstechnica.com/information-technology/2019/09/magecart-skimmers-seen-targeting-routers-for-customer-wi-fi-networks/

Threat researchers at IBM X-Force IRIS have spotted activity by a known group of criminal web malware operators that appears to be targeting commercial layer 7 routers—the type typically associated with Wi-Fi networks that use "captive portals" to either require customer sign-in or charge for Internet access.

The group, called "Magecart 5," is one of several factions of criminal groups originally associated with the Magecart "web-skimmer", a class of JavaScript-based payment card stealing malware that has been used in the past to target customers on e-commerce websites. Ticketmaster, British Airways, and NewEgg customers were just some of the victims in a rash of exploits by Magecart rings in 2018, and the malware operators have continued to be active in 2019. According to researchers, hundreds of thousands of merchant sites have been compromised through attacks on third-party services.