New WebRTC Skimmer Bypasses Security to Steal Credit Card Data

Discover how a new payment skimmer exploits the PolyShell vulnerability in Magento, threatening e-commerce security worldwide.

By Content Team

Mar 26, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybersecurity researchers discovered a sophisticated payment skimmer targeting e-commerce sites through the PolyShell vulnerability in Magento and Adobe Commerce platforms. The malware uses WebRTC data channels to steal credit card information, cleverly bypassing Content Security Policy protections that normally block such attacks.

Mass exploitation began March 19, 2026, affecting 56.7% of vulnerable stores. The skimmer connects to command servers via encrypted WebRTC channels, receives second-stage payloads, and executes them while evading detection. One victim was a major car manufacturer worth over $100 billion.

Adobe released a beta fix March 10, but it hasn't reached stable release yet.

Source: The Hacker News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Companies House Security Breach Exposes UK Business Data

Mar 31, 2026

ShinyHunters Cybercriminals Expand Cloud-Targeting Extortion Operations

Feb 2, 2026

Rockstar Games Hacked Again — This Time by Teen Cybercriminals ShinyHunters

May 2, 2026

Madison Square Garden Confirms Data Breach After Ransomware Attack

Mar 3, 2026