More than 1,000 US companies have been infected with a malicious program that targets point-of-sale systems and steals credit- and debit-card data.
The United States Computer Emergency Readiness Team (US-CERT) issued a statement saying that the "Backoff" malware was rife in U.S. businesses, taking over administrator accounts and removing customer data from several hundred companies.
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the advisory stated.
"Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes."
According to the US-CERT advisory, the group behind the Backoff malware operation scanned the Internet to find potential victims by detecting installations of the remote-desktop software frequently used by service providers to manage the point-of-sale systems of their retail clients.
The attackers look for remote desktop solutions like Microsoft’s Remote Desktop, Apple's Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn, according to the advisory.
Once a potential target is identified, the group uses the equivalent of a digital sledgehammer, attempting to break into the system using a list of common passwords.
According to US-CERT's original advisory, in the latest attack, once the attackers had guessed the password to a system, they installed the Backoff program.
The malware disguises itself as a Java component on the system and listens for credit-card transactions, storing them for later transmission to a command-and-control server.
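The intrusion pattern described above (a scan for exposed remote-desktop services, a password-guessing burst against an administrator account, and a successful logon once a common password hits) leaves a recognisable trail in authentication logs. The following detector is an added example, not code from the article, US-CERT or any PoS vendor; it assumes a simplified, constructed log format (`<ISO timestamp> <FAIL|SUCCESS> user=<name> src=<ip> svc=<service>`) and constructed sample lines, and flags a source that accumulates many failures in a short window and, more seriously, a success that follows such a burst.

```python
"""Flag password-guessing against remote-desktop logins in an auth log.

Added example; the log format below is a constructed, hypothetical one
chosen so the sample runs offline. Real deployments would map their own
logon events (e.g. Windows 4625/4624, LogMeIn or Splashtop audit logs)
onto the same FAIL/SUCCESS, user, source-address fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): one source hammers the
# "administrator" account over remote desktop and finally gets in, while a
# second source shows ordinary behaviour (one typo, then a normal logon).
SAMPLE_LOG = """\
2014-07-31T02:10:01 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:03 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:05 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:06 FAIL user=clerk src=198.51.100.5 svc=rdp
2014-07-31T02:10:07 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:09 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:11 FAIL user=administrator src=203.0.113.7 svc=rdp
2014-07-31T02:10:15 SUCCESS user=clerk src=198.51.100.5 svc=rdp
2014-07-31T02:10:20 SUCCESS user=administrator src=203.0.113.7 svc=rdp
"""


def parse_line(line):
    """Turn one constructed log line into a dict with a datetime timestamp."""
    ts_str, result, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.fromisoformat(ts_str)
    event["result"] = result
    return event


def analyze(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return a list of (kind, src, user, ts) alerts, in log order.

    'brute_force'        : a source reached `threshold` failed logons within
                           `window` (raised once as the threshold is crossed).
    'guessed_credential' : a successful logon from a source that still has
                           `threshold` or more failures inside the window,
                           i.e. the guessing most likely worked.
    """
    recent_failures = defaultdict(list)  # src -> timestamps of recent FAILs
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        src = ev["src"]
        fails = recent_failures[src]
        # Slide the window: forget failures older than `window`.
        while fails and ev["ts"] - fails[0] > window:
            fails.pop(0)
        if ev["result"] == "FAIL":
            fails.append(ev["ts"])
            if len(fails) == threshold:
                alerts.append(("brute_force", src, ev["user"], ev["ts"]))
        elif ev["result"] == "SUCCESS":
            if len(fails) >= threshold:
                alerts.append(("guessed_credential", src, ev["user"], ev["ts"]))
            fails.clear()  # a success ends the current guessing episode
    return alerts


def alert_sources(log_text, **kwargs):
    """Convenience: the set of source addresses that produced any alert."""
    return {src for _, src, _, _ in analyze(log_text, **kwargs)}


if __name__ == "__main__":
    for kind, src, user, ts in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:20} src={src} user={user}")
```

Run on the constructed sample, the detector raises `brute_force` for 203.0.113.7 at the fifth failure and `guessed_credential` at the later successful administrator logon, while 198.51.100.5 (one failure, then a success) stays quiet. A `guessed_credential` alert on a PoS host or on a vendor's remote-management jump box is the point at which an investigation should look for the follow-on the advisory describes: newly installed components posing as Java and outbound connections to an unfamiliar server.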