Backoff POS Malware is spreading in retail system

A type of malware that has been used to steal personal financial data from consumers at retail stores apparently is spreading rapidly in North American computers.

Infections of the point-of-sale malware, known as “Backoff,” jumped 57% from August through early September and then another 27% in September, according to a report released this week by the security company Damballa.

“Backoff” a specific type of point-of-sale malware designed to secretly steal online banking credentials by scraping computers’ RAMs for leftover credit card data after a payment card is swiped, according to Ankit Anubhav, a research scientist at McAfee Labs, an Intel Corp. company.

By recording a victim’s keystrokes, “Backoff” enables the attacker to gain specific login information, an important function as banking credentials are generally case sensitive, Anubhav said.

Damballa sees about 55 percent of internet traffic from North America, including DNS requests, though for privacy reasons it doesn’t know the IP addresses of most of those computers,  said Brian Foster, Damballa’s CTO.

The company runs a Hadoop cluster at its Atlanta headquarters, where it analyzes the DNS requests and classifies them as good or potentially malicious by looking at the servers being contacted.

“We actually attribute the behaviors we see—as well as the domain names and IP addresses that malware is looking up—to threat actors and threat groups,” Foster said.

“We track a set of domain characteristics and domain names that are related to Backoff, and it’s looking at the volume of those lookups that shows us the increase.”

"Enterprises that conduct payment transactions need to shift focus from trying to stop malware attacks from getting in, because motivated criminals will always find a way in, to detecting breaches early, before there is damage," he added. "Mobile payment methods seem to offer promise but not enough is known yet so the jury is still out on long-term security effectiveness."

For consumers, this means "don’t view security as a given, regardless of who you are handing your credit card to. Be aware, check your monthly card statements, sign up for credit monitoring, etc.," he said.