
Backoff

Posted: November 14, 2014

Threat Metric

Ranking: 9,323
Threat Level: 1/10
Infected PCs: 3,368
First Seen: November 14, 2014
Last Seen: October 11, 2023
OS(es) Affected: Windows

Backoff is a family of Point-of-Sale (PoS) malware that scrapes payment card data from the memory of infected PoS systems. Major chains that have been compromised by Backoff campaigns include P.F. Chang's, K-Mart and Dairy Queen, with hundreds of individually-infected machines potentially yielding up information for thousands of customer credit cards. Because an infection produces no distinct symptoms, malware researchers advise detecting and eliminating Backoff through standard anti-malware scans, in addition to the security precautions standard to any business handling card data.

ROM: the New Version of Backoff getting Back in the Game

Backoff is a series of PoS Trojans that have gone through various revisions over the last few years, with their latest variant dubbed ROM. While ROM removed the keyboard-logging functions of prior versions of Backoff, in other respects all versions of Backoff share similar attack functions intended for compromising financial data. Even before these upgrades, earlier versions of Backoff were highly successful in their campaigns, stealing information for millions of credit cards and prompting a warning from the U.S. Department of Homeland Security.

Backoff installers may be disguised to look like JavaScript patches or media player files. After Backoff compromises a PoS machine, it searches the memory of running processes for card data, skipping processes it does not consider worth scanning. Backoff encrypts any collected credit card data before storing or transmitting it, which may prevent some standard security solutions from identifying the breach.
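The memory-scraping technique described above works the same way whether a scraper is looking for cards or a defender is looking for exposed card data. The following added example (written for this page, not code from Backoff or from any vendor) scans a constructed memory buffer for Track 1 and Track 2 magnetic-stripe records, validates each candidate PAN with the Luhn checksum to discard false positives, and reports masked results. The sample buffer, the regular expressions and the process-name filter are assumptions for illustration; the PANs are well-known test numbers, not real cards.

```python
import re

# Constructed sample: a fake process memory region holding two card swipes
# (one Track 1 record, one Track 2 record) surrounded by unrelated bytes.
# The last 16-digit run has a bad Luhn checksum and must be ignored.
SAMPLE_MEMORY = (
    b"\x00\x00POS terminal 04 ready\x00"
    b"%B4111111111111111^DOE/JOHN^2512101000000000?"
    b"\x00\x10\x20garbage 1234567890\x00"
    b";5500000000000004=25121010000000000000?"
    b"\x00random text 4111111111111112\x00"
)

# Track 1: %B<PAN>^<NAME>^<YYMM...>   Track 2: ;<PAN>=<YYMM...>
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})")

# Illustrative exclusion list (assumed, not Backoff's actual list): a scanner
# skips processes that cannot hold card data to save time and avoid noise.
EXCLUDED_PROCESSES = {"system", "smss.exe", "csrss.exe", "wininit.exe",
                      "services.exe", "lsass.exe", "svchost.exe"}


def luhn_ok(pan: bytes) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    digits = [int(c) for c in pan.decode("ascii")]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def should_scan(process_name: str) -> bool:
    """Decide whether a process is worth scanning for card data."""
    return process_name.lower() not in EXCLUDED_PROCESSES


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual PCI-style mask."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list[dict]:
    """Scan a memory buffer for Luhn-valid Track 1 / Track 2 records."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1)
        if luhn_ok(pan):
            hits.append({"track": 1, "pan": pan.decode(),
                         "name": m.group(2).decode(errors="replace"),
                         "exp": m.group(3).decode(), "offset": m.start()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1)
        if luhn_ok(pan):
            hits.append({"track": 2, "pan": pan.decode(),
                         "exp": m.group(2).decode(), "offset": m.start()})
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    if should_scan("pos.exe"):
        for hit in find_track_data(SAMPLE_MEMORY):
            print(f"offset {hit['offset']:5d}  track {hit['track']}  "
                  f"PAN {mask_pan(hit['pan'])}  exp {hit['exp']}")
```

On a real host a defender would feed this the memory of the PoS application (for example a dump taken with a process-dump tool) to confirm whether unencrypted track data is resident at all; a scraper such as Backoff walks every non-excluded process the same way. The Luhn filter matters in both roles, since a 16-digit run of bytes is common in memory and only about one in ten passes the checksum.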

Because Backoff injects a watchdog component into another running process to guarantee its persistence, terminating the main Backoff process or even deleting its files will not necessarily remove Backoff from an infected PC: the injected component can re-launch and reinstall it as necessary. Backoff also may receive additional instructions through its C&C communications, similar to any backdoor Trojan, which could allow Backoff to update itself, uninstall itself or modify its behavior in various ways.

Getting a Trojan to Back Off from Your Customers

Backoff has gone through multiple revisions before arriving at its latest, ROM variant, which also is likely to be replaced in the future. Threats that undergo such thorough maintenance and development are best identified and removed with similarly up-to-date anti-malware utilities. No distinct symptoms of Backoff infections are likely to be visible to casual PC users or employees conducting standard business operations. You should not expect to see visible processes or activities related to Backoff's attacks, and alerts from installed anti-malware software may be the only notification you receive while the data of countless customer credit cards is being collected.

Backoff and other PoS Trojans may offer enormous financial returns for little effort, provided that the attackers can compromise the business PCs in the first place; in the campaigns that prompted the DHS warning, that initial access was typically gained through remote desktop accounts with weak or brute-forced passwords. Sadly, Backoff's high rate of success among even major, international chains seems to corroborate the claims of some PC security companies that PoS system security is 'a very bleak picture.'

Technical Details

Additional Information

The following URLs were detected:
https://feed.hdsportsearch.com/?q=
https://feed.hdsportsearchs.com/?q=
