The virus, of the lethal ‘Trojan’ family, has been named “Backoff” and is being seen spreading through computer networks which use Windows as their operating systems.
“It has been reported that variants of malware family dubbed as ‘Backoff’ targeting Point of Sale (POS) systems are spreading. The malware mainly infects windows based systems. The malware propagates by scanning for systems with remote desktop applications enabled.
“Successful compromise allows an attacker to infect the systems further with the POS malware so as to steal customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems,” the CERT-In said in its latest advisory to Internet users in the country.
The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
The virus is so notorious that it is able to capture keystrokes and communicate with the command and control server for further hacking-like activity, the agency warned.
- Here’s Why Delhi-NCR Gets Pollution Code On Lines Of Beijing
- PM Modi Is More Interested In TRP Politics Rahul Gandhi At Congress Parliamentary Meet
- Bigg Boss 10 December 1 Review: Priyanka Jagga Succeeds In Her Divide And Rule Strategy
- Kahaani 2 Audience Reaction: Vidya Balan Starrer Thriller Gets Mixed Reviews
- Find Out What PM Modi Said About Demonetisation On LinkedIn
- Row Over West Bengal ”Military Coup” Issue Escalates: Who Said What
- Here’s How Mohammad Kaif Replied To Virender Sehwag’s Birthday Wish On Twitter
- West Bengal CM Mamata Banerjee’s Flight Reportedly Had Low Fuel: Here’s What Happened
- Reliance Jio Welcome Offer Extended Till March 31, JioMoney Launched
- Uri Attackers Came From Pakistan, Establishes Digital Data
- Bigg Boss 10 Nov 30 Episode Review: Captaincy Brings Differences In Manoj Punjabi & Manveer Gurjar
- Congress Vice President Rahul Gandhi’s Official Twitter Handle Hacked
- After Rahul Gandhi’s Twitter Handle, Congress Official Twitter Account Hacked
- 3 Dead As Army Helicopter Crashes In Sukna In West Bengal
- BJP, Congress Engage In War Of Words Over Nagrota Attack: Find Out More
Interestingly, the virus also possesses capability to inject malicious stub into Windows ‘Explorer.exe’ for persistence and in case the malicious file crashes or is stopped forcefully, the agency said.
Cybersecurity sleuths said the malware and all its variants remain “mostly undetected by the anti-virus vendors” which categorises it as a potent and big threat in the online world.
“The malware makes a network connection to various command and control servers and uses HTTP POST request to transfer the data of the victim system. The POST request generated from the victim machine consist of various parameters identifying different information about the infected machine,” the advisory said about the virus which can acquire at least three aliases to hide its evil designs.
The agency has suggested some countermeasures in this regard.
“Keep all POS systems thoroughly updated including POS application software, do not allow administrative access to systems, delete the system changes made by the malware such as files created or registry entries or services among others, limit or eliminate use of shared or group accounts, disable auto run or auto play.
“Do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date,” the agency recommended.