Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information.The sneaky technique, observed by Sucuri on a Magento e-commerce site’s checkout page, allowed the malware to survive multiple cleanup attempts, the company said.The skimmer is designed to capture all the data into the credit card form on the website and exfiltrate the details to an attacker-controlled domain named “amazon-analytic[.]com,” which was registered in February 2024.