“Merry-Maker” Card Skimmer Scanner Tool Released As Open Source

To contain the rising number of web skimming attacks on e-stores, Target has made its tested web skimmer scanner available to everyone. Named “Merry-Maker”, the tool has been released as open source on GitHub.

Target Merry-Maker Available As Open Source

Announcing the move in a blog post, the American e-commerce giant Target expressed its intention to create a safer online environment for consumers.

Target is one of the oldest retail giants in America, running its online store successfully (and securely) since 2012.

As explained, Target started developing the scanning tool “Merry-Maker” after failing to find a robust solution to prevent digital skimming.

Also known as web skimming or card skimming, this threat has long troubled online stores. Despite various countermeasures, threat actors continue to find ways to infect e-store web pages with card skimming code.

Nonetheless, Target’s in-house scanning tool worked well to detect and prevent malicious code. As described, Merry-Maker has performed over a million website scans successfully. Thus, the retail giant decided to release it publicly for everyone to benefit.

Regarding how it works, Target explained that the tool makes purchases on the website as a guest. During these transactions, it analyzes the details to detect any abnormal behavior.

Merry Maker acts like a guest on Target.com by completing several typical activities including online purchases. While doing so, the tool gathers and analyzes a variety of information including network requests, JavaScript files, and browser activity to determine if there’s any type of unwanted activity.

Upon detecting anything suspicious, it triggers alerts in the background for remediation while completing the process as usual.

This approach helps Target identify and remove malicious code promptly while performing scans in near real-world scenarios.
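The request-analysis step described above can be pictured as rules run over the traffic captured during one synthetic guest checkout. The following is an added example, not Merry Maker's own code: the host allowlist, the hostnames, the test card number used as a canary and the rule names are all assumptions made for illustration.

```javascript
// Added illustration; hosts, values and rule names are constructed assumptions.
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);
// Synthetic card number the scanner types at checkout; doubles as a canary.
const CANARY_PAN = "4111111111111111";

// Forms the canary may take in outbound data: plain, base64 and hex.
function canaryForms(value) {
  const buf = Buffer.from(value, "utf8");
  return [value, buf.toString("base64"), buf.toString("hex")];
}

// Evaluate one captured request {method, url, body}; returns its alerts.
function evaluateRequest(req, forms = canaryForms(CANARY_PAN)) {
  let parsed;
  try {
    parsed = new URL(req.url);
  } catch {
    return [{ rule: "unparseable-url", url: req.url }];
  }
  if (ALLOWED_HOSTS.has(parsed.hostname)) return [];
  const alerts = [{ rule: "unknown-host", url: req.url }];
  // Card data can leave in the body or be tucked into the query string.
  const haystack = [parsed.search, ...parsed.searchParams.values(), req.body || ""].join("\n");
  if (forms.some((f) => haystack.includes(f))) {
    alerts.push({ rule: "canary-exfiltration", url: req.url });
  }
  return alerts;
}

// Run every rule over the traffic captured during one synthetic checkout.
function scanCheckout(requests) {
  return requests.flatMap((r) => evaluateRequest(r));
}

// Constructed capture: two expected requests and one skimmer-style beacon.
const CAPTURED = [
  { method: "GET", url: "https://shop.example/static/checkout.js" },
  { method: "POST", url: "https://payments.example/v1/charge", body: "pan=4111111111111111" },
  { method: "GET", url: "https://cdn.widgets.example/px.gif?d=NDExMTExMTExMTExMTExMQ%3D%3D" },
];

for (const alert of scanCheckout(CAPTURED)) {
  console.log(`${alert.rule}: ${alert.url}`);
}
```

Because the card number is synthetic, a match on the canary rule is a high-confidence signal and exposes no real customer data.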

The retail giant has released the tool as open source on GitHub while explaining more about it in a separate blog post.
