Currently security firm Sucuri researchers are investigating on the issue and they believe that hackers are injecting malicious code into Magento core file or some widely used extensions, in order to steal users credit card details.
Peter Gramantik, senior malware researcher of Sucuri wrote -
The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.This is not the first time that hackers are targeting Magento CMS in a wild. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers.
You can read the full details about the latest threats on Magento from here, and get the in-depth details about the issue.