Target open source scanner for digital credit card skimmers


Target, one of America’s largest department store chains and e-commerce retailers, has opened “Merry Maker” – its years-old proprietary scanner for skimming payment cards.

A skimmer is malicious code injected into shopping sites to steal customers’ credit card data during checkout. The code can be hidden on the online store or it can be loaded from external resources, sometimes via a local element like a favicon.

As an open source Merry-Maker, Target helps online retailers combat the threat of credit card skimming that has plagued the industry for years.

The target solution

Target has been running its online store since 2002, offering nearly every product that can be found in the chain’s physical stores. The site is an attractive target for credit card thieves because it enjoys high traffic (Alexa rank: 200).

As the threat of credit card skimming grew, two of Target’s security engineers, Eric Brandel and Caleb Walch, took action and in 2018 they created “Merry Maker” to detect data-stealing code. payment cards.

The tool simulates real user activity through test transactions, which are flagged internally accordingly. It then collects and analyzes resulting network requests, JavaScript file activations, and any other signs of unwanted or suspicious activity.

Anti-skimmer Merry Maker

The scanner component of the Merry Maker framework inspects the events and determines the rules to apply. There is support for YARA rules, Indicators of Compromise (IoC), Unknown Domain rule.

Merry Maker anti-skimmer scanner

Merry Maker relies on Puppeteer – a Node.js component, to control the client-side scanner implemented through a headless browser (Headless Chrome), Target explains in a more technical report.

An admin dashboard displays “current system status and health”, recent alerts, number of pending events, and active scans.

Open Source Merry Maker

After more than a million scans on, the company believes the tool has matured enough to deploy anywhere without causing operational issues.

As such, Target decided to open up the tool and share it with the community along with several detection rules to help “other cybersecurity teams build their own custom defense.”

The framework is available on the company’s GitHub page.


About Author

Comments are closed.