Backoff

Backoff is a kind of malware that targets point of sale (POS) systems.^[1]^[2] It is used to steal credit card data from point of sale machines at retail stores.^[3] Cybercriminals use Backoff to gather data from credit cards. It is installed via remote desktop type applications where POS systems are configured.^[4] It belongs to the POS malware family as it is known to scrape the memory of POS devices.^[5]^[6]

Operation

Backoff malware injects the malicious stub into the explorer.exe file to gain access to the POS machines and it scrapes the victim's machine memory from running the processes.^[7] It searches this memory for leftover credit card data after a payment card has been swiped.^[8] Cybercriminals have mutated different variants of Backoff while some of the variants are equipped with keylogging functionality.^[9] Some of the Backoff variants have C2 component which helps the malware to upload the victim's personal data, download the malware onto the victim POS machine and to uninstall the malware.^[10]

Incidents

Backoff Malware was aggressive and about 16.2% been infected in the third quarter of 2014. The survey by Department of Homeland Security (DHS) states that thousands of businesses have been infected by Backoff POS Malware.^[11]

Network security company Damballa records a 57 percent infection increase from Backoff malware during August 2014.^[12] Big companies like Home Depot, Target and Dairy Queen suffered from Backoff infection and many more smaller companies may be infected.

References

↑ "About Backoff Malware". 31 July 2014. https://www.us-cert.gov/ncas/alerts/TA14-212A.
↑ "Backoff Malware complete overview". https://securebox.comodo.com/pos-system/backoff-malware.
↑ Lyne, James (26 August 2014). "Backoff malware hits credit card machines". https://www.forbes.com/sites/jameslyne/2014/08/26/backoff-malware-hits-1000-businesses-credit-card-machines-and-target/#2515c7ea5af4.
↑ "Backoff Malware used by Cybercriminals". http://whatis.techtarget.com/definition/Backoff.
↑ "Backoff malware-WHAT IS IT?". http://www.tripwire.com/state-of-security/incident-detection/backoff-pos-malware-are-you-infected-and-dont-know-it/.
↑ "Memory Scrapping malware – Biggest Threat To the Retail". Stormshield. http://static1.squarespace.com/static/555fc02fe4b0767a7f081cfa/t/5615b66ee4b065af7af69daf/1444263534871/wp-Backoff+Analysis+White+Paper+2014+V3.pdf.
↑ Walker, Zach (8 September 2014). ""Backoff" Point-of-Sale Malware: What You Need To Know". http://info.rippleshot.com/blog/backoff-point-sale-malware-need-know.
↑ Kirk, Jeremy (24 October 2014). "The 'Backoff' malware used in retail data breaches is spreading | PCWorld". http://www.pcworld.com/article/2838732/the-backoff-malware-linked-to-data-breaches-is-spreading.html.
↑ Walker, Danielle (3 November 2014). "New version of Backoff detected, malware variant dubbed 'ROM' - SC Magazine". http://www.scmagazine.com/new-version-of-backoff-detected-malware-variant-dubbed-rom/article/381054/.
↑ Schwartz, Mathew J. (6 April 2015). "Why POS Malware Still Works - BankInfoSecurity". Information Security Media Group. http://www.bankinfosecurity.in/pos-malware-still-works-a-8044.
↑ Sun, Bowen (15 December 2014). "A Survey of Point-of-Sale (POS) Malware". http://www.cse.wustl.edu/~jain/cse571-14/ftp/pos_security/index.html.
↑ "Q3 State of Infections Report Reveals 57% Increase in Backoff Malware from August to September - Damballa". 24 October 2014. https://www.damballa.com/q3-state-infections-report-reveals-57-increase-backoff-malware-august-september/.

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/Backoff. Read more

[1] "About Backoff Malware". 31 July 2014. https://www.us-cert.gov/ncas/alerts/TA14-212A.

[2] "Backoff Malware complete overview". https://securebox.comodo.com/pos-system/backoff-malware.

[3] Lyne, James (26 August 2014). "Backoff malware hits credit card machines". https://www.forbes.com/sites/jameslyne/2014/08/26/backoff-malware-hits-1000-businesses-credit-card-machines-and-target/#2515c7ea5af4.

[4] "Backoff Malware used by Cybercriminals". http://whatis.techtarget.com/definition/Backoff.

[5] "Backoff malware-WHAT IS IT?". http://www.tripwire.com/state-of-security/incident-detection/backoff-pos-malware-are-you-infected-and-dont-know-it/.

[6] "Memory Scrapping malware – Biggest Threat To the Retail". Stormshield. http://static1.squarespace.com/static/555fc02fe4b0767a7f081cfa/t/5615b66ee4b065af7af69daf/1444263534871/wp-Backoff+Analysis+White+Paper+2014+V3.pdf.

[7] Walker, Zach (8 September 2014). ""Backoff" Point-of-Sale Malware: What You Need To Know". http://info.rippleshot.com/blog/backoff-point-sale-malware-need-know.

[8] Kirk, Jeremy (24 October 2014). "The 'Backoff' malware used in retail data breaches is spreading | PCWorld". http://www.pcworld.com/article/2838732/the-backoff-malware-linked-to-data-breaches-is-spreading.html.

[9] Walker, Danielle (3 November 2014). "New version of Backoff detected, malware variant dubbed 'ROM' - SC Magazine". http://www.scmagazine.com/new-version-of-backoff-detected-malware-variant-dubbed-rom/article/381054/.

[10] Schwartz, Mathew J. (6 April 2015). "Why POS Malware Still Works - BankInfoSecurity". Information Security Media Group. http://www.bankinfosecurity.in/pos-malware-still-works-a-8044.

[11] Sun, Bowen (15 December 2014). "A Survey of Point-of-Sale (POS) Malware". http://www.cse.wustl.edu/~jain/cse571-14/ftp/pos_security/index.html.

[12] "Q3 State of Infections Report Reveals 57% Increase in Backoff Malware from August to September - Damballa". 24 October 2014. https://www.damballa.com/q3-state-infections-report-reveals-57-increase-backoff-malware-august-september/.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Man-in-the-mobile Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Form grabbing Fraudulent dialer Malbot Keystroke logging Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Bot Roast

v t e Software distribution
Licenses	Beerware Floating licensing Free and open-source Free Open source Freely redistributable Proprietary Public domain Source-available
Compensation models	Adware Commercial software Retail software Crippleware Crowdfunding Freemium Freeware Pay what you want Careware Donationware Open-core model Postcardware Shareware Nagware
Delivery methods	Digital distribution File sharing On-premises Pre-installed Product bundling Retail software Sneakernet Software as a service
Deceptive and/or illicit	Unwanted software bundling Malware Spyware Trojan horse Worm Ransomware Scareware Shovelware Vaporware
Software release life cycle	Abandonware End-of-life Long-term support Software maintenance Software maintainer Software publisher
Copy protection	Digital rights management Software protection dongle Hardware restrictions License manager Product activation Product key Software copyright Software patent Torrent poisoning

Anonymous

Search

Backoff

Namespaces

More

Page actions

Contents

Operation

Incidents

See also

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

Backoff

Operation

Incidents

See also

References

Navigation

Wiki tools

Page tools

Other projects

Categories