From bleepingcomputer.com
Hackers in May planted an e-skimmer on Procter & Gamble’s site First Aid Beauty and it was still stealing payment card data today. This particular MageCart script selects its victims from the US.
If a shopper is from a different country or uses Linux operating system, the script remains inactive, most likely as a defense against security researchers.
Although First Aid Beauty does not bear the Procter & Gamble marks, the company acquired the beauty brand this year for a reported $250 million.