In recent months the Foregenix Forensic Lab has seen many of its clients using the payment processor Braintree and their Hosted Fields solution, a form of iFrame for each input field of the checkout page.

It would appear the attackers have also taken an interest in Braintree, writing JavaScript that specifically targets the payment card data entered by the customer and exfiltrates it to a remote server. Braintree, on their own website, claim to be "serious about protecting incoming data", so it is ironic that this attack piggybacks off Braintree's own objects in order to execute.

In the forensic lab we have seen malicious client-side JavaScript and iFrame intercepts before, and these appear to be on the increase.

See the Foregenix blog for more information on:

iFrame interceptions

Malicious JavaScripts