New PoS malware “Backoff” targets US
(Publication)
Field | Value
---|---
Botnet | Backoff, Alina
Malware |
Botnet/malware group |
Exploit kits |
Services |
Feature |
Distribution vector |
Target |
Origin |
Campaign |
Operation/Working group |
Vulnerability |
CCProtocol |
Date | 2014 / 2014-08-06
Editor/Conference | Trend Micro
Link | http://blog.trendmicro.com/trendlabs-security-intelligence/new-pos-malware-backoff-targets-us/ (Archive copy)
Author |
Type |
Abstract
“Last week, the US Computer Emergency Readiness Team (US-CERT) reported on a newly discovered malware, dubbed “Backoff”, which targets point-of-sale (PoS) systems. Similar to other PoS malware such as Dexter and Scraper, Backoff is also used to steal financial information for malicious purposes.
Based on our analysis, when Backoff is executed, it copies itself into %Application Data%\OracleJava\javaw.exe and launches the copy in %Application Data% with the parameter -m <path_to_original_backoff>. This terminates the original Backoff process and deletes the initial copy of itself. We have seen the same installation technique used in the Alina family of PoS RAM-scraping malware. More details of its routines can be found in the US-CERT article. This entry, however, focuses on the scope and breadth of its infection.”
Bibtex

```bibtex
@misc{2014BFR1392,
  editor       = {Trend Micro},
  author       = {},
  title        = {New PoS malware “Backoff” targets US},
  date         = {06},
  month        = Aug,
  year         = {2014},
  howpublished = {\url{http://blog.trendmicro.com/trendlabs-security-intelligence/new-pos-malware-backoff-targets-us/}},
}
```