A new type of payment skimmer uses WebRTC data channels to get payloads and steal data. PolyShell is said to have helped with the attack on the e-commerce site of a car maker. On March 10, 2026, Adobe put out version 2.4.9-beta1, which fixed PolyShell.
But the patch hasn't made it to the live versions of Magento Open Source and Adobe Commerce yet. The skimmer is a self-running script that connects to a hard-coded IP address over UDP port 3479 and gets JavaScript code that is then added to the web page to steal payment information.
Researchers said in a report that came out this week that it is a big step forward for skimmer attacks because it gets around Content Security Policy (CSP) rules. According to the Dutch security company, PolyShell attacks have been found in 56.7% of all stores that are vulnerable.
