Credit card theft campaign abuses Stripe to host stolen payment info

A Magecart campaign was discovered that leverages legitimate Google Tag Manager containers to load a JavaScript card skimmer which collects payment and billing data on Magento/Adobe Commerce checkout pages; stolen data is obfuscated locally and exfiltrated by creating fake customer records in the attacker's Stripe account (with a Firestore-based variant also observed), allowing the attackers to bypass CSP/network filters by abusing trusted domains.