BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked.
With its presence across the U.S. and Canada, Element Vape sells e-cigarettes, vaping devices, e-liquids, and CBD products in both retail outlets and on their online store.
Vaping site pulls in JavaScript to skim credit cards
Element Vape’s website is loading a malicious JavaScript file from a third-party website that appears to contain a credit card stealer, as seen by BleepingComputer.
Threat actors employing such credit card stealers on eCommerce stores by injecting scripts are referred to as Magecart.