Magecart is a consortium of malicious hacker groups who target online shopping cart systems, usually the Magento system, to steal customer payment card information. This is known as a supply chain attack. The idea behind these attacks is to compromise a third-party piece of software from a VAR or systems integrator or infect an industrial process unbeknownst to IT.
Shopping carts are attractive targets because they collect payment information from customers: if your malware can tap into this data stream, you have a ready-made card collection tool. Almost all ecommerce sites that use shopping carts don’t properly vet the code that is used with these third-party pieces — a recipe for a ready-made hack.