Point of Sale (POS) malware has had its share of headlines this year. Now, with the holiday shopping season underway, POS systems will certainly be an enticing target for attackers to explore, given the payoff of thousands of fresh credit card numbers that will be run through these devices. “Backoff” is part of a recently discovered InfoStealer malware family aimed at Point of Sale systems. RSA’s research teams have conducted extensive research on the malware itself and the ecosystem it operates within.
The goal of Backoff is to identify and steal credit card and transaction data through traditional memory-scraping mechanisms, also seen in other POS malware such as Alina, BlackPOS and Dexter. As usual, the malware uploads the collected data to a hardcoded command-and-control (C2) server, which can also instruct the malware to update itself or to download and install other malware.
Our RSA FirstWatch team has compiled a report that they call “The Full Story of the Backoff Trojan Operation” that describes the tactics and ecosystem along with some information related to attribution of the possible authors of the malware.
RSA’s Incident Response team’s report on Backoff breaks down how RSA solutions such as RSA Security Analytics and RSA ECAT can be employed to alert an organization to this type of infection, leading to faster response, reduced exposure, and ultimately helping to stop the attack before any data theft occurs. Additionally, a digital appendix has been produced that includes Yara signatures and a blacklist that can be imported into ECAT to help an organization quickly identify and categorize known files.
We hope that this information is informative as well as actionable and adds to your organization’s ability to thwart threats of this type. If you already subscribe to RSA Live, our threat intelligence feeds are continually updated as our research teams discover and identify indicators related to this and other malicious threats.
The post Understanding & Detecting Backoff POS Malware appeared first on Speaking of Security - The RSA Blog and Podcast.