This new skimmer sudden spikes in demand for platforms that in any case don’t permit custom JavaScript
according to sansec.io the new type of payment skimmer runs on dozens of stores hosted on BigCommerce, Shopify, Zencart, and WooCommerce. on platforms that do not allow custom javascript the skimmer evades the security by showing a fake payment form to visiters that are visiting or making a payment on the affected site. the skimmer also records the visiters keystrokes to steal their payment information
when the visitor complete filling the forms an error message pops up and redirects the victim to the original payment page and with this the victims will not see that their information has been stolen
sansec.io also said on their site that the skimmer uses programmatically generated exfiltration domains. It keeps a counter and uses base64 encoding to produce a new domainname and The first one was registered on August 31st.Wherever customers enter their payment details, they are at risk. Merchants should implement measures to actively counter this.