Digital Skimmer Targeting Is Shifting: What the Last 3 Months Tell Us

Turaco Labs
June 17, 2026
3 mins

Tags: eCommerce, Malware, Web Security

Over the last three months, the digital skimmer landscape has changed noticeably. Based on the latest ThreatView charts, Magento 2 remains the most targeted platform, but the biggest movement is elsewhere: Shopify has risen sharply and now appears to be the second most targeted platform for digital skimmers, while PrestaShop has also seen a significant increase in skimmer detections over the same period.

That matters because it reinforces a point the industry sometimes loses sight of: no platform is immune if the site running on it is not managed securely. A stronger core ecosystem can absolutely reduce risk, but attackers do not stop at platform reputation. As a platform grows in adoption and commercial value, it naturally becomes more attractive to criminals looking for scale. In that context, Shopify’s rise may be a sign of market presence drawing more adversary attention, while PrestaShop’s growth fits with the broader attack activity already being discussed across the ecosystem.

The message here is not that one platform is “bad” and another is “good.” It is that criminal targeting follows opportunity: merchant volume, brand visibility, weak operational controls, third-party risk, and delayed detection all play a part.

For merchants, agencies and platform teams, this should be read as a call for collaboration, not criticism. The most productive response is to help merchants identify compromise earlier, improve monitoring, and reduce the time between infection and containment. That is especially important with digital skimmers, where a store can continue trading while customer payment data is being stolen in parallel.

Our view is simple: platform security matters, but site-level security still decides outcomes. If a store is not being managed and monitored properly, criminals will take advantage, whether that store runs on Magento/Adobe Commerce, Shopify, WordPress, PrestaShop or anything else.

If you run an eCommerce site, now is a good time to check it.

ThreatView’s free scanner is a fast first step.
