https://www.bleepingcomputer.com/news/security/hackers-deploy-linux-malware-web-skimmer-on-e-commerce-servers/

Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites.

The PHP-coded web skimmer (a script designed to steal and exfiltrate customers' payment and personal info) is added and camouflaged as a .JPG image file in the /app/design/frontend/ folder.