From prodefence.org
A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers.
Online poker enthusiasts use the Poker Tracker software suite to improve their winning chances by making decisions based on statistics compiled from the opponents’ gameplay.
Magecart loading in poker app
A report on August 8 indicated that Malwarebytes anti-malware blocked Poker Tracker from connecting to a domain known to host credit card skimmers – scripts that copy payment card details on checkout pages and delivers them to the attacker.
Security researchers decided to investigate and after installing and running the software they noticed the same behavior: a connection to ajaxclick[.]com and retrieval of a malicious JavaScript file.