1216 GMT March 23, 2019
Security giant Symantec found more than 4,800 websites were being hit by these ‘form-jacking’ attacks every month, BBC reported.
High-profile victims of these attacks include airline BA and Ticketmaster.
Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said.
"It's a sign we're in a world where security is tighter and tighter and it's getting harder to carry out this type of activity," said Orla Cox, the director of Symantec's security response unit.
Formerly profitable ventures involving ransomware and mining crypto-currencies now made gangs much less money, she said.
Instead, they were now inserting ‘attack code’, either when sites failed to update core software to close loopholes or via insecure third-party apps, such as chat apps, analytics packages or other extras.
"It's a tiny line of code in there and that's enough for attackers to monitor payment card info being entered and they siphon it off," she said.
"It’s often not obvious that the website has been compromised.
"To the naked eye everything would look fine."
Last year, Symantec had stopped more than 3.7 million form-jacking attacks, said Cox, adding that the figure was a measure of the technique's sudden popularity.
"Cyber-criminals are continuing to find new ways to make money," she said.
"And when they do, they pile in."
Ransomware was also still widely used, said Cox, but better backup practices by businesses and home users meant it was harder for criminals to secure a payday. And infections from ransomware had fallen by 20 percent over the past year.
"In a lot of cases people are not paying up because its got easier for them to get their data back as they often have it in the cloud somewhere," she said.