As the holiday shopping season approaches, eCommerce website owners need to be vigilant against credit card stealing malware, known as 'MageCart'. Attackers focus their efforts in the last quarter to maximize profits from stolen card details. Analysis of recent malware samples reveals sophisticated techniques, including WebSocket skimmers, jquery hex skimmers, and r.blob skimmers. These skimmers use obfuscation methods like XOR encryption and base64 encoding to hide their malicious code. The Smilodon hacking group has evolved its tactics, now using randomized plugin names in WordPress. Website owners are advised to implement security measures such as two-factor authentication, strong passwords, and keeping software up-to-date to protect against these threats.