Magecart is not the name of a new online shopping cart API, but the name of a network of cybercriminals who have been stealing credit card credentials for a few years now. One of the groups comprising the larger network that is known by the name of Magecart has been recently spotted by security researchers to use a new method of attack.
Magecart now has the ability to inject retail websites with iframes that look like a regular credit card payment interface. The different approach used in this case is that Magecart doesn't scan for a legitimate payment form to substitute with one that can be skimmed. Instead, the iframe with the malicious payment form is dumped into the code of every PHP page but is only displayed when the page has a regular shopping cart check out form on it.
The malicious frame is formatted in a way that should be relatively obvious for experienced users, and they should be able to spot the issue right away, as the fields required are not found in any normal payment form. The process also tells the victim that they will be redirected to a third-party website where the transaction will be finalized - another giveaway that something is not quite right with the payment and the procedure used.