Connect with us

Hi, what are you looking for?


Target open sources scanner for digital credit card skimmers


Target open sources proprietary skimmer scanner ‘Merry Maker’

Target, one of the largest American department store chains and e-commerce retailers, has open sourced ‘Merry Maker’ – its years-old proprietary scanner for payment card skimming.

A skimmer is malicious code injected into shopping sites to steal customers’ credit card data at checkout. The code can be hidden on the online store or it can be loaded from external resources, sometimes via a local element such as a favicon.

By open-sourcing Merry-Maker, Target helps online retailers fight the credit card skimming threat that’s been affecting the sector for years.

Target’s solution

Target has been running its online shop since 2002, offering almost all products that one can find in the brick-and-mortar locations of the chain. The site is an attractive target for credit card thieves as it enjoys high traffic (Alexa rank: 200).

As the credit card skimming threat increased, two of Target’s security engineers, Eric Brandel and Caleb Walch, took action and in 2018 they created ‘Merry Maker’ to detect code that steals payment card data.

The tool simulates real user activity through test transactions, which are flagged accordingly internally. It then collects and analyzes the resulting network requests, JavaScript file activations, and any other signs of unwanted or suspicious activity.

Merry Maker anti-skimmer

The scanner component of the Merry Maker framework inspects events and determines which rules to apply. There is support for YARA rules, indicators of compromise (IoCs), unknown domain rule.

Advertisement. Scroll to continue reading.

Merry Maker anti-skimmer scanner

Merry Maker relies on Puppeteer – a Node.js component, to control the client-side scanner implemented through a headless browser (Headless Chrome), Target explains in a more technical report.

An administration dashboard shows “the current state and health of the system,” recent alerts, the number of events pending, and active scans.

Open-sourcing Merry Maker

After more than a million scans on, the company believes that the tool has matured enough to be deployed anywhere without causing operational hiccups.

As such, Target has decided to open-source the tool and share it with the community along with several detection rules to help “other cybersecurity teams stand up their own customized defense.”

The framework is available on the company’s GitHub page.

Source link

Click to comment

Leave a Reply



Calm, the meditation and relaxation tech startup featuring a medley of celebrity voices, has laid off a fifth of its staff. The company is...


Placeholder while article actions load The de facto leader of Samsung received a presidential pardon on Friday, wiping clean the billionaire scion’s criminal record...


COVINGTON, Ga. — One area team opened a new season with a win while the other began with a loss. Social Circle downed Newton...


The power of TikTok was on full display this week after a Houston woman went viral for rescuing a puppy discovered hidden in piles...

Online Business Success

A pump is seen at a gas station in Manhattan, New York City, US, on August 11, 2022. — Reuters Brent crude futures were...


Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here. Can AI-driven fitness...


You May Also Like


Introductions get a lot of attention. I’ve explored the topic of how to write them even though as a reader, I always skip them....

Online Business Success

The internet is now our nervous system. We are constantly streaming and buying and watching and liking, our brains locked into the global information...

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

Online Business Success

You can think of link building in many ways. I like to call it tedious, painful, and a test of patience. It’s also necessary...