This kind of attack starts with determining which websites are frequently visited by potential victims (such as employees of a company of interest). The attackers then compromise these websites and place malware on them. When victims subsequently visit these websites, malware may be downloaded to their devices.
A file that an attacker can upload to a server and then use to execute OS commands through its web interface and gain access to other files.
Malicious code injected into a page on a hacked site where the user enters payment card information, with the purpose of stealing such information.