Analysts at Sansec found the source of infections affecting over 500 e-commerce stores: a single domain that loaded a credit card skimmer on all of them.
The attack became evident in late January when a Sansec crawler discovered 374 infections in one day, all using the same malware.
The domain that loaded the malware, naturalfreshmall[.]com, is currently offline. The threat actors' goal was to steal the credit card information of customers on the targeted websites.