Intrusions involved alterations of the WordPress plugin WooCommerce's checkout PHP file to enable staging of an HTML style sheet-emulating PHP script, which then allows retrieval of the credit card skimmer.
Article Link: Novel credit card skimmer used in widespread attacks | SC Media