A list of dozens of online stores hacked by a web skimming group was inadvertently leaked by a dropper used to deploy a stealthy remote access trojan (RAT) on compromised e-commerce sites.