Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Target Open Sources Web Skimmer Detection Tool

Retail giant Target this week announced the open source availability of an internal tool designed for the detection of web skimming attacks.

Retail giant Target this week announced the open source availability of an internal tool designed for the detection of web skimming attacks.

Dubbed Merry Maker, the tool analyzes payment page code served to users and network traffic from test payment transactions to identify any malicious indicators. The company says it has been using the tool since 2018 to perform more than one million website scans.

In addition to simulating a real site visitor and saving the generated code and network activity for analysis, the utility searches for new and known malicious domains and creates an alert when any is identified. The tool supports Basic, Kafka, and GoAlert alerts.

[READ: New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research]

“Merry Maker continually simulates online browsing and completes test transactions to scan for the presence of malicious code. Merry Maker acts like a guest on Target.com by completing several typical activities including online purchases. While doing so, the tool gathers and analyzes a variety of information including network requests, JavaScript files, and browser activity to determine if there’s any type of unwanted activity,” Target explains.

All purchases made by Merry Maker are flagged as tests internally and are not processed, but all other operations are performed just as they would normally be during checkout.

The tool can also help identify data exfiltration attempts by running Yara rules, which also allows it to detect credit card numbers or specific data. Furthermore, it can capture the Document Object Model (DOM) state at any moment.

Merry Maker, which uses Puppeteer and Headless Chrome, was open sourced alongside several detection rules, but Target says the tool also allows for the addition of new detections via Typescript.

Advertisement. Scroll to continue reading.

Related: Google, Adobe Announce New Open Source Security Tools

Related: RPC Firewall Dubbed ‘Ransomware Kill Switch’ Released to Open Source

Related: New Google Tool Helps Developers Visualize Dependencies of Open Source Projects

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...