CNBC reported on the threat to consumers and retailers from e-skimming attacks against online shopping websites. These attacks attempt to inject JavaScript into the checkout page of a retail website to steal consumers’ payment card details and personal information. Herb Stapleton of the FBI Cyber Division told CNBC that e-skimming is on the rise, and although it is difficult to estimate the impact on the industry, at least “millions of cards” have been stolen using this method. Binary Defense contributed to the story by providing advice for combatting the threat, and by creating an online shopping website using Magento, a platform that many retailers use for shopping and checkout functionality, to demonstrate a JavaScript injection attack that stole payment information from the checkout page. Because many of the attacks against retailers have targeted shopping cart pages on Magento sites, Dutch researcher Yonathan Klijnsma coined the term “Magecart” to describe this type of attack and the threat groups that use it. Several different threat groups have been described using the term “Magecart,” and Indonesian authorities recently announced the arrest of criminal actors behind one such group.