Further examination of a breached checkout page revealed the inclusion of a suspicious script with base64 variables and hex strings that exfiltrate credit card information, as well as names and addresses via the querySelectorAll function.
Article Link: Credit card skimmer concealed via swap files | SC Media