The Magecart card skimmer scripts are typically found in attacks against e-commerce sites. However, in a recent case, Malwarebytes researchers uncovered Magecart skimmers on the PokerTracker website.
The detailed picture
Researchers learned from a customer that Malwarebytes anti-malware blocks the connection to the domain ajaxclick[.]com when PokerTracker 4 (PokerTracker4.exe) was launched.
Magecart skimmer script has been injected into PokerTracker’s subdomain and root domain as both are running an outdated version of Drupal (6.3x). Therefore, every time users launch PokerTracker 4, it would load the compromised web page within the application. This resulted in Malwarebytes blocking the web connection.
In an unexpected departure from the norm, the Magecart script found on the online poker site instead of an e-commerce site suggests attackers diversifying their targets.
The response from PokerTracker