Tuesday, Oct 21, 2014

Alert! ‘Backoff’trojan targeting Windows-based POS sytems to steal personal credit, debit card data

Alert! 'Backoff'trojan targeting Windows-based POS sytems to steal personal credit, debit card data Backoff trojan steals customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems.
PTI | New Delhi | Posted: September 3, 2014 7:00 pm

The virus, of the lethal ‘Trojan’ family, has been named “Backoff” and is being seen spreading through computer networks which use Windows as their operating systems.

“It has been reported that variants of malware family dubbed as ‘Backoff’ targeting Point of Sale (POS) systems are spreading. The malware mainly infects windows based systems. The malware propagates by scanning for systems with remote desktop applications enabled.

“Successful compromise allows an attacker to infect the systems further with the POS malware so as to steal customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems,” the CERT-In said in its latest advisory to Internet users in the country.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The virus is so notorious that it is able to capture keystrokes and communicate with the command and control server for further hacking-like activity, the agency warned.

Interestingly, the virus also possesses capability to inject malicious stub into Windows ‘Explorer.exe’ for persistence and in case the malicious file crashes or is stopped forcefully, the agency said.

Cybersecurity sleuths said the malware and all its variants remain “mostly undetected by the anti-virus vendors” which categorises it as a potent and big threat in the online world.

“The malware makes a network connection to various command and control servers and uses HTTP POST request to transfer the data of the victim system. The POST request generated from the victim machine consist of various parameters identifying different information about the infected machine,” the advisory said about the virus which can acquire at least three aliases to hide its evil designs.

The agency has suggested some countermeasures in this regard.

“Keep all POS systems thoroughly updated including POS application software, do not allow administrative access to systems, delete the system changes made by the malware such as files created or registry entries or services among others, limit or eliminate use of shared or group accounts, disable auto run or auto play.

“Do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date,” the agency recommended.

comments powered by Disqus
Follow

Get every new post delivered to your Inbox.

Join 1,283 other followers