An Arstechnica.com post, “Stealthy New Malware Snatching Credit Cards From Retailers’ POS Systems,” describes Backoff as a variant of the malware installed on point of sale systems and used in a series of recent attacks by cyber criminals.
The post notes that the malware scrapes credit card data out of the infected computer’s memory, a characteristic it shares with last year’s attack on Target’s point of sale systems.
As the only full-service point of sale provider — from software development to franchise incubator to ongoing support — part of Sintel’s commitment to our customers and business community is to share relevant ideas, information and industry news.
Here are the highlights of the Arstechnica.com post:
• The initial alert was given by the U.S. Computer Emergency Response Team (CERT), in cooperation with the Secret Service and researchers at Trustwave’s Spiderlabs. Backoff was discovered installed on point-of-sale systems used in a series of recent attacks by cyber criminals.
• Researchers found that, before its discovery, Backoff had a “zero percent detection rate” on commercial antivirus products.
• Malware such as Backoff is used to collect credit cards and other transaction data taken from point of sale machines, a big target for hackers. The data is then resold or used to create fraudulent credit cards.
• The researchers also said the Backoff-based attacks were reminiscent of the 2011 Subway franchise attacks, a case where hackers gained entry through remote desktop software left active on the machines, either by brute-force password attacks or by taking advantage of a default password, and then installed the malware on the hacked system.
• Among Backoff’s specific technical aspects noted by CERT in the Arstechnica.com post are:
– Backoff is Windows-specific malware that runs in the background watching memory for “track” data from credit card swipes.
– Backoff also runs a keylogger, recording the infected machine’s keyboard keystrokes, which may be further analyzed.
– Backoff also installs a malicious stub in Windows Explorer that allows it to reload the in-memory component if it crashes.
– Backoff communicates with the criminals’ command and control network to send home captured credit card data as well as check for malware updates.
• “Because of the way that it has been used thus far, Backoff is likely more of a threat to smaller retailers and franchises, who commonly use remote desktop software to allow business managers to connect in from another store or allow remote software support,” writes Arstechnica.com. “But it could be used on a larger scale in the hands of a more sophisticated cybercrime ring.”
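Because the entry point described above is remote desktop access won by password guessing, a retailer can watch for it in logon records. The following is an added example, not code from the Arstechnica.com post or from CERT: it flags a burst of failed remote logons from one address and any successful logon from that address afterwards. Event IDs 4625 and 4624 are the Windows failed and successful logon events; the comma-separated export format, the threshold and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, not a real log: a simplified export of Windows logon
# events as time,event_id,logon_type,source_ip,account.
SAMPLE_LOG = """\
2014-08-01T02:10:01,4625,10,203.0.113.7,admin
2014-08-01T02:10:09,4625,10,203.0.113.7,manager
2014-08-01T02:10:15,4625,3,203.0.113.7,pos
2014-08-01T02:10:22,4625,10,203.0.113.7,pos1
2014-08-01T02:10:30,4625,10,203.0.113.7,administrator
2014-08-01T02:10:41,4624,10,203.0.113.7,administrator
2014-08-01T09:00:05,4625,10,198.51.100.20,manager
2014-08-01T09:00:20,4624,10,198.51.100.20,manager
2014-08-01T09:05:00,4625,2,-,cashier
"""

FAILED, SUCCESS = "4625", "4624"  # failed logon / successful logon
# 10 = RemoteInteractive (remote desktop); failures are often logged as 3 (Network).
REMOTE_TYPES = {"3", "10"}

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return alerts for failure bursts and for logons that follow a burst."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()                # source IPs that already crossed the threshold
    alerts = []
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        if logon_type not in REMOTE_TYPES:
            continue  # local console logons are out of scope here
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == FAILED:
            recent.append(when)
            if len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, account, ts))
        elif event_id == SUCCESS and src in flagged:
            alerts.append(("success_after_bruteforce", src, account, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

A "success_after_bruteforce" alert is the one to act on first: it means a guessed or default password worked, so the machine should be treated as compromised and its credentials changed.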
Read the full ArsTechnica.com post here.
For more insights into point of sale security, check out our related posts, Criminals Hit Their Target, 40 Million Cards Affected, Target Hack Claims Its Final Victim, EMV Technology Chips Away at Credit Card Fraud, and Target Acquisition.
Just as Sintel shares our vast point of sale experience and expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.
Whether you’re a first-time franchise hopeful, a small business owner or an established chain, it’s always smart to stay on top of the latest POS security best practices to achieve financial success.
If you are interested in learning more about Sintel’s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.
Sintel Systems is the only direct to end user full-service provider of tailored Point of Sale systems across retail, restaurant and service industries, including frozen yogurt shops, pizzerias, sushi restaurants, cafés and retail stores.
As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget. Hardware – Software – Support