Cybersecurity researchers discovered a sophisticated payment skimmer targeting e-commerce sites through the PolyShell vulnerability in Magento and Adobe Commerce platforms. The malware uses WebRTC data channels to steal credit card information, cleverly bypassing Content Security Policy protections that normally block such attacks.
Mass exploitation began March 19, 2026, affecting 56.7% of vulnerable stores. The skimmer connects to command servers via encrypted WebRTC channels, receives second-stage payloads, and executes them while evading detection. One victim was a major car manufacturer worth over $100 billion.
Adobe released a beta fix March 10, but it hasn't reached stable release yet.
Source: The Hacker News