Magecart Hits Continue: Stripe Spoofing, Supply Chain Risks

Digital Skimming Attacks Spoof Stripe Payment Forms to Steal Payment Card Data Mathew J. Schwartz (euroinfosec) • January 13, 2026

Unlike a buy-one-get-one sale, a gift with purchase or a holiday discount, payment card data stolen through digital skimming attacks is a mark of online commerce that never disappears.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

Researchers this week published a deep dive into a long-running, active campaign that steals card numbers from e-commerce shops, including a recent attack script designed to infiltrate online shops that run the popular WooCommerce platform. Researchers separately sounded an alert over popular, cloud-based ConnectPOS point-of-sale software, which left its code repositories publicly exposed, leaving customers at risk of a supply-chain attack.

Digital skimming attacks are also known as Magecart attacks. The name comes from the group that pioneered the tactic of using malicious scripts to "skim" off payment card ...