Сlarity and Trust – We take pride in being the site where you can feel free to express your opinion and leave feedback. Whenever you click on the websites of products reviewed by us, we participate in the revenue sharing and get commissions that help us maintain our project. Read more about how we work.

Target Open-Source Web Skimmer Scanner

Now Reading
Target Open-Source Web Skimmer Scanner

Target (one of the largest e-commerce retailers in the US, which also owns a supermarket chain) has open-sourced an internal Merry Maker tool that the company has been using since 2018. The scanner allows determining whether the site has been compromised and whether it contains malicious code that steals customer payment card data.

Let me remind you that web skimmers are also called MageCart attacks. Initially, the name MageCart was given to one hack group, which was the first to inject malicious code into websites in order to steal bank card data. As part of such attacks, hackers break into websites and then inject malicious code on their pages that records and steals payment card information that users enter during checkout.

Since launching in 2018, Merry Maker has completed over a million website crawls and we have filed several patent applications. The tool was launched right before Thanksgiving in 2018, and we named it accordingly, because it can help make the holiday shopping season – and any other purchases – safer and more fun.the developers say.

The previously proprietary Merry Maker was built to work with e-commerce portals and behaves like a real user: it can browse product pages, search for specific items, add products to the cart, and enter payment details on the checkout form.

At the same time, Merry Maker checks in real time how the resource reacts to all these actions, and performs continuous analysis of any code that the site loads and executes. All code is matched against lists of known indicators of compromise and YARA rules for known threats. For example, domain names, IP addresses, and JavaScript files are matched against those previously used in web skimmer attacks. When it detects a problem, Merry Maker warns you about it in a message on the control panel.

Target open source

The Merry Maker code is already published on GitHub.

Let me remind you that we also wrote that Comodo will open endpoint detection and response (EDR) product source code, and also that Canon sends instructions to customers on how to bypass their own cartridge protection.

What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Vladimir Krasnogolovy
Leave a response

Leave a Response