Web skimming

[4] In 2018, British Airways had 380,000 card details stolen via this class of attack.

Magecart is software used by a range[7] of hacking groups for injecting malicious code into ecommerce sites to steal payment details.

That would indicate that the software is running in a virtual machine probably used to detect the malware rather than make a purchase.

[13] In October 2023 a Magecart version was reported to have been inserted into all the 404 error pages of infected websites.

The site visitor enters sensitive details into, for example, an order form, then sees a fake "session timeout" error, while the information is sent to the attacker.