Magecart-style attack on OpenCart sites uses hidden scripts to inject fake checkout forms, steal card data, and delay fraudulent transactions by several months.