Magecart Group, tracked by Trend Micro, injected malicious code via a skimming toolkit to a third-party JavaScript library of online advertising company, Adverline.  

The toolkit includes two scripts, one of which detects transactional activity in URL strings for shopping cart websites.  Once shopping activity is detected, the script starts skimming  for payment and billing data. 

Trend Micro solutions detecting the attack is a big win. However, this is yet another case illustrating how vulnerable companies are with their third party supply chains.