
Backoff POS

Posted: February 1, 2021

The Backoff POS (Point-of-Sale) is an advanced malware threat targeting Point-of-Sale devices. The first traces of this malware's activity were identified in 2014, and the masterminds behind the campaign appear to primarily target American businesses. However, samples of the Backoff POS were also recovered from infected systems in Canada, the United Kingdom, Israel, Serbia and Bermuda. While the number of infected victims was relatively low, threats like the Backoff POS have a lot of growth potential due to their ability to target millions of businesses operating in thousands of industries.

The Backoff POS features are not surprising for malware of this sort, and it operates just like other major Point-of-Sale malware families. When it is planted on a computer, it tries to disguise its threatening components as a copy of the 'explorer.exe' Windows process. The implant's goal is to periodically check the system's memory for any traces of credit card data. Any information the implant manages to recover is run through the Luhn algorithm to see whether it is a valid card number; this is a common check implemented in POS malware.
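The 'explorer.exe' disguise described above can be hunted for in process telemetry, because the genuine Windows shell only runs from the system root. The following is an added example, not part of the original article: the field names are modeled on Sysmon process-creation events (an assumption), and the sample events, paths and host name are constructed for illustration.

```python
import ntpath

def normalise(path):
    """Strip quotes/whitespace, unify separators, collapse '..', lower-case."""
    cleaned = path.strip().strip('"').replace("/", "\\")
    return ntpath.normpath(cleaned).lower()

def find_masquerades(events, system_root=r"C:\Windows"):
    """Return events whose image is named explorer.exe but lives outside
    the locations where the genuine Windows shell binary is installed."""
    root = normalise(system_root)
    legit = {
        ntpath.join(root, "explorer.exe"),
        ntpath.join(root, "syswow64", "explorer.exe"),  # 32-bit copy on x64
    }
    findings = []
    for ev in events:
        image = normalise(ev["Image"])
        if ntpath.basename(image) != "explorer.exe":
            continue  # not claiming to be the shell
        if image not in legit:
            findings.append({"Computer": ev["Computer"],
                             "ProcessId": ev["ProcessId"],
                             "Image": image})
    return findings

# Constructed sample events (not taken from a real Backoff infection).
SAMPLE_EVENTS = [
    {"Computer": "POS-01", "ProcessId": 2148,
     "Image": r"C:\Windows\explorer.exe"},
    {"Computer": "POS-01", "ProcessId": 4312,
     "Image": r"C:\Users\pos1\AppData\Local\Temp\explorer.exe"},
    # Odd casing and a '..' segment still resolve to the genuine binary.
    {"Computer": "POS-01", "ProcessId": 2200,
     "Image": "C:/WINDOWS/System32/../Explorer.EXE"},
    {"Computer": "POS-01", "ProcessId": 880,
     "Image": r"C:\Windows\System32\svchost.exe"},
    {"Computer": "POS-01", "ProcessId": 5120,
     "Image": '"C:\\ProgramData\\explorer.exe"'},
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_EVENTS):
        print(f"{hit['Computer']}: pid {hit['ProcessId']} runs {hit['Image']}")
```

On hosts where Windows is installed somewhere other than `C:\Windows`, pass the real system root as `system_root`.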

Attacks of this sort may be difficult to detect because the infected retailer or business will not notice anything out of the ordinary. Its customers, however, may have their credit card data collected by cybercriminals. Some newer versions of the Backoff POS reportedly also contain a keylogging module, further enhancing the implant's attack capabilities.

Point-of-Sale devices are frequently targeted by cybercriminals, and, unfortunately, many businesses have yet to take the necessary precautions to protect their networks properly. As advanced as threats like the Backoff POS may be, their attacks are still preventable with the use of a suitable anti-virus software suite.
