backoff


On October 28, 2014, we encountered an even newer version of the Backoff point-of-sale (PoS) malware which we are detecting as W32/Backoff.C!tr.spy. This newest version, with version name 211G1, was compiled close to a month after its predecessor ROM. Functionality-wise, 211G1 is very similar to ROM. An in-depth description of ROM can be found in our previous post. In this blog post, we will describe the modifications made in the newest version of the Backoff PoS malware family. Installation: Firstly, 211G1 is now packed with a custom packer;...
by Hong Kei Chan  |  Nov 06, 2014  |  Filed in: Security Research
A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data breaches and the compromise of their customers’ financial information. We have recently encountered a new version of the Backoff malware family, which we are detecting as W32/Backoff.B!tr.spy. Unlike previous versions, this one no longer uses a version number in the malware body, but just uses the version name ROM. ROM performs very similarly...
by Hong Kei Chan  |  Nov 03, 2014  |  Filed in: Security Research
On July 31, 2014, the United States Computer Emergency Readiness Team (US-CERT) published an advisory of a newly identified point-of-sale (PoS) malware dubbed “Backoff”. This family of PoS malware consists of three versions: 1.44, 1.55, and the most recent 1.56. Backoff variants began to have version names starting from version 1.55 (which used the names backoff, goo, MAY, and net); version 1.56 used the variant name LAST. In this blog post, we will briefly look at an overview of the Backoff malware before discussing the unique memory-parsing...
by Hong Kei Chan  |  Aug 07, 2014  |  Filed in: Security Research