magecart

Magecart is a malware framework intended to steal credit card information from compromised eCommerce websites. Used in criminal activities, it's a sophisticated implant built on top of relays, command and controls and anonymizers used to steal eCommerce customers' credit card information. The first stage is typically implemented in Javascript included into a compromised checkout page. It copies data from "input fields" and send them to a relay which collects credit cards coming from a subset of compromised eCommerces and forwards them to Command and Control servers.

Linked Threat Actors

FIN6MageCart

C2 Infrastructure

Hosting/VPS100%

Last 7 days

Apr 5, 2026

C2 Hosts: 5

Daily C2 host counts for the last 7 days
Date	C2 Hosts
Apr 5, 2026	5

Further Reading

Microsoft Defender Threat Intelligence | Microsoft Security

Discover Microsoft Defender Threat Intelligence—powerful threat intelligence software for cyber threat protection and threat solutions for your organization.

Microsoft Defender Threat Intelligence | Microsoft Security

Discover Microsoft Defender Threat Intelligence—powerful threat intelligence software for cyber threat protection and threat solutions for your organization.

Microsoft Defender Threat Intelligence | Microsoft Security

Discover Microsoft Defender Threat Intelligence—powerful threat intelligence software for cyber threat protection and threat solutions for your organization.

Web skimmers found on the websites of Intersport, Claire's, and Icing

The malicious code has now been removed from all stores, but users are advised to review card statements for suspicious transactions.

Black Friday Alert : 4 Emerging Skimming Attacks | Zscaler

Increasing credit card skimming activity against Magento and Presta-based e-commerce stores as Black Friday holiday season approaches.