The virus, of the lethal ‘Trojan’ family, has been named “Backoff” and is being seen spreading through computer networks which use Windows as their operating systems.
“It has been reported that variants of malware family dubbed as ‘Backoff’ targeting Point of Sale (POS) systems are spreading. The malware mainly infects windows based systems. The malware propagates by scanning for systems with remote desktop applications enabled.
“Successful compromise allows an attacker to infect the systems further with the POS malware so as to steal customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems,” the CERT-In said in its latest advisory to Internet users in the country.
- Bigg Boss 10 Day 3 Review: Celebs Fail To Do Well in First Task
- Airtel Offers 10GB Data At Rs 259 For New 4G Smartphone Users
- Aamir Khan Starrer Dangal’s Trailer Launched: First Impressions
- TMC Supporters Attack BJP Leader Babul Supriyo
- Sri Lankan Navy Apprehends 20 Indian Fishermen
- Hillary Clinton accuses Donald Trump of being Vladimir Putin’s ‘puppet’
- Senior UP Congress Leader Rita Bahuguna Joshi Joins BJP
- Missing JNU Student: VC Gives Ultimatum To Students Over ‘Illegal Confinement’
- US Presidential Debate: Donald Trump Calls Hillary Clinton ‘A Nasty Woman’
- Hasselblad True Zoom Mod Review
- Honor 8 First Look Video
- Apple Watch 2: Review, Price And Features
- Delhi HC Dismisses Kejriwal’s Plea For Stay In Criminal Defamation Case
- Gulzar Shares An Interesting Anecdote Behind The Lyrics of ‘Humne Dekhi Hai’ Song
- Diya Mirza Displays Her Painting Skills At An Art Festival In Mumbai
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The virus is so notorious that it is able to capture keystrokes and communicate with the command and control server for further hacking-like activity, the agency warned.
Interestingly, the virus also possesses capability to inject malicious stub into Windows ‘Explorer.exe’ for persistence and in case the malicious file crashes or is stopped forcefully, the agency said.
Cybersecurity sleuths said the malware and all its variants remain “mostly undetected by the anti-virus vendors” which categorises it as a potent and big threat in the online world.
“The malware makes a network connection to various command and control servers and uses HTTP POST request to transfer the data of the victim system. The POST request generated from the victim machine consist of various parameters identifying different information about the infected machine,” the advisory said about the virus which can acquire at least three aliases to hide its evil designs.
The agency has suggested some countermeasures in this regard.
“Keep all POS systems thoroughly updated including POS application software, do not allow administrative access to systems, delete the system changes made by the malware such as files created or registry entries or services among others, limit or eliminate use of shared or group accounts, disable auto run or auto play.
“Do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date,” the agency recommended.