Over 2 million websites are now infected with Magecart, malware that allows thieves to steal credit card information, according to a RiskIQ report released Friday.
Why it matters: Magecart has become one of the most prolific threats to steal credit card information online. "2 million is a big number, and only getting bigger," Jordan Herman, a researcher at RiskIQ, told Axios via email.
Background: Magecart has ensnared some of the largest websites in credit card breaches, including Ticketmaster and British Airways.
It is often installed into the code running websites on misconfigured Amazon cloud servers using automated software that finds the cloud accounts and inserts that malicious code.
RiskIQ recommends, whenever possible, consumers use off-site mechanisms to pay for website goods — like Apple Pay, PayPal or other established trustworthy systems.
