Active Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank Fraud 

This report analyzes a 24+ month Magecart campaign that compromises e-commerce sites (17 confirmed WooCommerce infections) to inject multi-stage JavaScript skimmers which mimic legitimate payment providers (notably Spain's Redsys), exfiltrate cardholder data via WebSocket channels, and maintain resilience through rotating, obfuscated staging infrastructure spanning 100+ domains — creating significant fraud risk to banks and cardholders while evading conventional detection.