Threat hunters from IBM X-Force Incident Response and Intelligence Services (IRIS) have identified malicious activity we have attributed to a financially motivated cybercrime faction known as Magecart 5 (MG5). Our research reveals that MG5 is likely testing malicious code designed for injection into benign JavaScript files loaded by commercial grade Layer 7 routers, routers that are typically used by airports, casinos, hotels and resorts, to name a few. In that attack scenario, the compromise of the router can allow for malicious ad injection and pivoting to other parts of the network.