PolyShell Malware Targets Hundreds of Web Stores

March 26, 2026 | Source: TechRadar
Kemal Sivri

Cybersecurity & Science Reporter

Security researchers report that PolyShell, a new JavaScript-based malware, is being deployed against numerous e‑commerce sites and major brands. The campaign aims to skim payment data and inject malicious scripts into storefronts, posing risks to customers and merchants alike.

A fresh wave of attacks is hitting online retailers as security teams observe a malicious JavaScript strain called PolyShell being used to compromise web stores. Researchers say the malware is versatile: it can inject skimming scripts, persist across site changes, and target checkout flows to harvest payment information.

PolyShell’s operators appear to be focusing on high-traffic storefronts and recognizable brands, exploiting common web platform weaknesses and third-party integrations. Attack vectors include compromised admin credentials, vulnerable plugins, and supply‑chain insertion via third‑party scripts. Once embedded, the payload can obfuscate its presence and selectively exfiltrate data to attacker-controlled servers.

For customers, the immediate danger is payment card theft and exposure of personal details. For merchants, the fallout ranges from chargebacks and regulatory fines to reputational damage and loss of consumer trust. Some incidents reported by researchers involved long-lived infections that went unnoticed for weeks, increasing the volume of stolen data.

Mitigation recommendations center on basics that are often overlooked: rotate and secure admin credentials, enable multi-factor authentication, patch plugins and content management systems promptly, and monitor third-party JavaScript for unexpected changes. Content Security Policy (CSP) deployment and subresource integrity (SRI) for external scripts can also reduce risk, alongside regular integrity scans and runtime monitoring of checkout pages.
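As an added illustration of the SRI and third-party script monitoring advice above (not code from the article or the researchers it cites), this sketch audits a checkout page's external scripts for missing or stale integrity pins. The page markup, hostnames, script bodies and function names are all constructed for the example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # SRI algorithms, weakest first
def sri_hash(body, alg="sha384"):
    """Build an SRI token: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit(html, site_host, served):
    """Check each third-party script on a page against its SRI pin."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == site_host:
            continue  # first-party file: covered by server-side integrity scans
        tokens = [t for t in (integrity or "").split() if t.split("-")[0] in STRENGTH]
        if not tokens:
            findings.append((src, "missing-integrity"))
            continue
        # Like browsers, enforce only the strongest algorithm listed.
        best = max(tokens, key=lambda t: STRENGTH[t.split("-")[0]]).split("-")[0]
        expected = sri_hash(served[src], best)
        findings.append((src, "ok" if expected in tokens else "hash-mismatch"))
    return findings

# Constructed sample: a checkout page and the bytes each host serves today.
PINNED = b"function pay(){/* vendor widget v1 */}"
PAGE = f"""<html><body>
<script src="/js/cart.js"></script>
<script src="https://cdn.example.net/widget.js" integrity="{sri_hash(PINNED)}" crossorigin="anonymous"></script>
<script src="https://tags.example.org/analytics.js"></script>
<script src="https://pay.example.com/sdk.js" integrity="{sri_hash(PINNED)}" crossorigin="anonymous"></script>
</body></html>"""
SERVED = {"https://cdn.example.net/widget.js": PINNED,
          "https://pay.example.com/sdk.js": PINNED + b";/* changed upstream */"}
RESULT = audit(PAGE, "shop.example", SERVED)
```

A `hash-mismatch` means the browser would refuse to run that script, and it also signals that the upstream file changed and needs review before the pin is updated; `missing-integrity` marks scripts the page would execute regardless of what the third party serves.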

Incident response guidance emphasizes isolating affected components, revoking compromised keys, and performing forensic analysis to identify the initial access point. Merchants are urged to notify affected customers and payment processors quickly to limit fraud and comply with breach notification rules where applicable.

While PolyShell is the latest example, security teams caution that skimming and script‑injection threats are a persistent problem for e‑commerce. Staying vigilant about supply‑chain hygiene and adopting layered defenses will help reduce the chances of becoming the next target.
