I found a card skimmer on Canada Computers' online checkout page. This malware steals any information you enter on the page and sends it to the attacker's website.
The malware is a Magecart-style script that listens to any input on the payment form fields, validates them, and steals them. It's obfuscated and loads from CodePen through a disguised Google Analytics script (something a real payment processor would never do). The malware captures credit card number, CVV, expiration date, first name, last name, billing address, billing city, billing province, billing postal code, phone number, email address and the Canada Computers account you're logged into.
