In a massive new Magecart campaign, hackers have inserted malicious payment card skimming code into “277 e-commerce websites providing ticketing, touring, and flight booking services as well as self-hosted shopping cart websites from prominent cosmetic, healthcare, and apparel brands”.

Magecart is an umbrella term for various criminal groups that attack e-commerce websites with the aim of injecting them with card skimming malware. In the latest campaign, the websites were not targeted directly. Instead, hackers launched a supply-chain attack that started with the compromise of a JavaScript library used by Adverline, an online advertising company.

Read more: Compromised ad company serves Magecart skimming code to hundreds of websites