Magecart Campaign Targets 99 Magento Stores with SVG Skimmer

Severity: High (Score: 69.0)

Sources: Gbhackers, Cybersecuritynews

Summary

A large-scale Magecart campaign has compromised 99 Magento e-commerce stores, utilizing an innovative evasion technique involving invisible SVG elements to inject credit card skimmers directly into checkout pages. Discovered on April 7, 2026, the attackers employed a 'double-tap' skimmer that presents a convincing fake payment overlay before redirecting users to legitimate sites, thereby stealing payment information without detection. Security researchers at Sansec reported the attack, which affects numerous online retailers and poses a significant risk to customer payment data. The malicious payload is concealed within an SVG image element, making it difficult for security scanners to identify. The ongoing investigation suggests that the attackers may have gained unauthorized access to the stores' systems prior to deploying the skimmer. As of now, the full scope of the impact is still being assessed, and affected stores are urged to take immediate action to secure their platforms. Key Points: • 99 Magento e-commerce stores compromised by a Magecart campaign. • Attackers used invisible SVG elements to deploy credit card skimmers. • The skimmer presents a fake payment overlay to users before redirecting them.

Key Entities

• Malware (attack_type)
• Magecart Campaign (campaign)
• Magecart (malware)
• Magento (platform)