Backoff


Backoff is a kind of malware that targets point of sale systems. It is used to steal credit card data from point of sale machines at retail stores. Cybercriminals use Backoff to gather data from credit cards. It is installed via remote desktop type applications where POS systems are configured. It belongs to the POS malware family as it is known to scrape the memory of POS devices.

Operation

Backoff malware injects the malicious stub into the explorer.exe file to gain access to the POS machines and it scrapes the victim's machine memory from running the processes. It searches this memory for leftover credit card data after a payment card has been swiped. Cybercriminals have mutated different variants of Backoff while some of the variants are equipped with keylogging functionality. Some of the Backoff variants have C2 component which helps the malware to upload the victim's personal data, download the malware onto the victim POS machine and to uninstall the malware.

Incidents

Backoff Malware was aggressive and about 16.2% been infected in the third quarter of 2014. The survey by Department of Homeland Security states that about thousands of businesses have been infected by Backoff POS Malware.
Network security company Damballa records a 57 percent infection increase from Backoff malware during August 2014. Big companies like Home Depot, Target and Dairy Queen suffered from backoff infection and many more smaller companies may be infected.