Free Magecart skimmer scanner

What is Magecart?

Magecart refers to dozens of criminal groups that specialise in web skimming: planting hidden JavaScript on e-commerce sites that copies card numbers as customers type them at checkout, then exfiltrates the data to an attacker-controlled server. The customer completes a normal purchase and never knows. Stores often discover it only when their payment processor or a bank flags fraud weeks later.

Skimmers commonly arrive through an unpatched Magento CVE, a compromised admin account, or a hijacked third-party script. Magento’s checkout is a prime target because of its transaction volume.

What our skimmer scan looks for

• Known skimmer indicators — patterns matching active card-skimming campaigns.
• Suspicious external scripts — unexpected third-party JavaScript loading on storefront pages.
• Exfiltration-style behaviour — risky calls associated with data theft.
• Exposure that lets skimmers in — missing patches, weak headers and leaked files an attacker uses to plant the skimmer in the first place.

The free scan is passive and external. For deeper, runtime-level detection on a store you own, verified scans can render the checkout in a real browser, and the MageArgus module scans your filesystem and database for injected code directly.

How to remove a Magecart skimmer

If a skimmer is found, treat it as an active breach:

1. Take a forensic copy, then remove the injected script from templates, CMS content and any compromised third-party file.
2. Find and close the entry point — patch the CVE or admin account that was abused, or the skimmer returns within days.
3. Rotate all admin credentials and integration tokens.
4. Notify your payment processor and follow PCI breach obligations.

Need hands-on help? See Magento malware removal.