Target open-sources its web skimmer detector

Target’s cybersecurity team has open-sourced the code of Merry Maker, the company’s internal application that it has used since 2018 to detect if any of its own websites have been compromised with malicious code that can steal payment card details from buyers.

“Since its launch in 2018, Merry Maker has completed over one million website scans, and we’ve filed multiple patent applications,” the Target security team said in a blog post this week.

“The technology was launched right before Thanksgiving in 2018 and we nicknamed it for its ability to help keep the holiday shopping season — and all shopping occasions — safer and merrier,” Target said about the tool’s peculiar name.

Under the hood, the tool was developed to access an e-commerce portal and behave like a real user. It can access product pages, search listings, add items to the cart, and enter payment details in the checkout form.

But Merry Maker also inspects how the website behaves and reacts to all these actions and runs a continuous analysis of any code the website is loading and executing, even in real-time.

This code is checked against lists of existing IOC and YARA rules for known threats, such as domain names, IP addresses, and JavaScript files that have been used in past web skimmer attacks.

If any threat is detected, Merry Maker will raise an alert in a web-based dashboard, and security teams can move to inspect any possible compromises.

Image: Target

Target’s Merry Maker tool is available on the company’s GitHub account.

The tool is recommended for the owners of online stores who want to protect their e-commerce platforms against attacks known as Magecart, web-skimmers, or e-skimmers.

These types of attacks have first been seen in 2016 and have become more sophisticated each year. While initially, anyone would have been able to detect Magecart attacks just by looking at a site’s source code using their browser, nowadays, malicious code is often hidden and only executes in certain conditions, requiring advanced HTML and JavaScript knowledge and specialized tools to detect.

Catalin Cimpanu

Catalin Cimpanu is a former cybersecurity reporter for Record Future News. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.

Recent Posts

Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residents

The Indianapolis Housing Agency is notifying more than 200,000 people that their information, including Social…

8 hours ago

New York’s Andrew Garbarino takes helm of House’s cybersecurity subcommittee

New York Republican Andrew Garbarino has been chosen as the new chairman of the House's…

10 hours ago

TSA issues security directive to airports, carriers after ‘no-fly’ list leak

The Transportation Security Administration has issued a security directive to all U.S. airports and air…

11 hours ago

Russian foreign ministry claims to be the target of ‘coordinated’ cyber aggression

Russia’s deputy foreign minister claimed this weekend that the country has been the target of…

16 hours ago

British retailer JD Sports reveals 2-year-old intrusion affecting data of 10 million customers

British sportswear retailer JD Sports announced Monday that data belonging to approximately 10 million unique…

16 hours ago

How Ukraine’s Cyber Police fights fraud, scams, and attacks on critical infrastructure

Editor’s note: Ukraine’s Cyber Police had a busy year in 2022. The law enforcement agency…

1 day ago