The rash of e-commerce sites infected with card-skimming malware is showing no signs of abating. Researchers on Thursday revealed that seven sites—each with more than 500,000 collective visitors per month—have been compromised with a previously unseen strain of sniffing malware designed to surreptitiously swoop in and steal payment card data as soon as visitors make a purchase. One of those sites, UK sporting goods outlet Fila.co.uk, had been infected since November and had only removed the malware in the past 24 hours, researchers with security firm Group-IB told Ars. Since then, researchers have uncovered a raft of competing crime gangs that specialize in infecting big-name sites that accept payment-card data from visitors. RiskIQ, a firm that researched the site infections early on, gave the name Magecart to the 12 distinct groups it identified as targeting weaknesses in Magento. In a testament to just how popular the crime has become, a researcher from security provider Malwarebytes in November found a single site that was infected by two different card skimmers.