Backoff

From HandWiki

Backoff is a kind of malware that targets point of sale (POS) systems.[1][2] It is used to steal credit card data from point of sale machines at retail stores.[3] Cybercriminals use Backoff to gather data from credit cards. It is installed via remote desktop type applications where POS systems are configured.[4] It belongs to the POS malware family as it is known to scrape the memory of POS devices.[5][6]

Operation

Backoff malware injects the malicious stub into the explorer.exe file to gain access to the POS machines and it scrapes the victim's machine memory from running the processes.[7] It searches this memory for leftover credit card data after a payment card has been swiped.[8] Cybercriminals have mutated different variants of Backoff while some of the variants are equipped with keylogging functionality.[9] Some of the Backoff variants have C2 component which helps the malware to upload the victim's personal data, download the malware onto the victim POS machine and to uninstall the malware.[10]

Incidents

Backoff Malware was aggressive and about 16.2% been infected in the third quarter of 2014. The survey by Department of Homeland Security (DHS) states that thousands of businesses have been infected by Backoff POS Malware.[11]

Network security company Damballa records a 57 percent infection increase from Backoff malware during August 2014.[12] Big companies like Home Depot, Target and Dairy Queen suffered from Backoff infection and many more smaller companies may be infected.

See also

References

  1. "About Backoff Malware". 31 July 2014. https://www.us-cert.gov/ncas/alerts/TA14-212A. 
  2. "Backoff Malware complete overview". https://securebox.comodo.com/pos-system/backoff-malware. 
  3. Lyne, James (26 August 2014). "Backoff malware hits credit card machines". https://www.forbes.com/sites/jameslyne/2014/08/26/backoff-malware-hits-1000-businesses-credit-card-machines-and-target/#2515c7ea5af4. 
  4. "Backoff Malware used by Cybercriminals". http://whatis.techtarget.com/definition/Backoff. 
  5. "Backoff malware-WHAT IS IT?". http://www.tripwire.com/state-of-security/incident-detection/backoff-pos-malware-are-you-infected-and-dont-know-it/. 
  6. "Memory Scrapping malware – Biggest Threat To the Retail". Stormshield. http://static1.squarespace.com/static/555fc02fe4b0767a7f081cfa/t/5615b66ee4b065af7af69daf/1444263534871/wp-Backoff+Analysis+White+Paper+2014+V3.pdf. 
  7. Walker, Zach (8 September 2014). ""Backoff" Point-of-Sale Malware: What You Need To Know". http://info.rippleshot.com/blog/backoff-point-sale-malware-need-know. 
  8. Kirk, Jeremy (24 October 2014). "The 'Backoff' malware used in retail data breaches is spreading | PCWorld". http://www.pcworld.com/article/2838732/the-backoff-malware-linked-to-data-breaches-is-spreading.html. 
  9. Walker, Danielle (3 November 2014). "New version of Backoff detected, malware variant dubbed 'ROM' - SC Magazine". http://www.scmagazine.com/new-version-of-backoff-detected-malware-variant-dubbed-rom/article/381054/. 
  10. Schwartz, Mathew J. (6 April 2015). "Why POS Malware Still Works - BankInfoSecurity". Information Security Media Group. http://www.bankinfosecurity.in/pos-malware-still-works-a-8044. 
  11. Sun, Bowen (15 December 2014). "A Survey of Point-of-Sale (POS) Malware". http://www.cse.wustl.edu/~jain/cse571-14/ftp/pos_security/index.html. 
  12. "Q3 State of Infections Report Reveals 57% Increase in Backoff Malware from August to September - Damballa". 24 October 2014. https://www.damballa.com/q3-state-infections-report-reveals-57-increase-backoff-malware-august-september/.