Results for backoff

Threat Research

211G1 – An Update to Backoff’s ROM

On October 28, 2014, we encountered an even newer version of the Backoff point-of-sale (PoS) malware, which we are detecting as W32/Backoff.C!tr.spy. This newest version, with the version name 211G1, was compiled close to a month after its predecessor, ROM. Functionality-wise, 211G1 is very similar to ROM; an in-depth description of ROM can be found in our previous post. In this blog post, we will describe the modifications made in the newest version of the Backoff PoS malware family. Installation: firstly, 211G1 is now packed with a custom packer;...

By Hong Kei Chan, November 06, 2014

Threat Research

ROM – A New Version of the Backoff PoS Malware

A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat, as businesses keep reporting data breaches and the compromise of their customers’ financial information. We have recently encountered a new version of the Backoff malware family, which we are detecting as W32/Backoff.B!tr.spy. Unlike previous versions, this one no longer carries a version number in the malware body, but only the version name ROM. ROM performs very similarly...

By Hong Kei Chan, November 03, 2014

Threat Research

An Analysis of the Backoff PoS Malware

On July 31, 2014, the United States Computer Emergency Readiness Team (US-CERT) published an advisory on a newly identified point-of-sale (PoS) malware dubbed “Backoff”. This family of PoS malware consists of three versions: 1.44, 1.55, and the most recent, 1.56. Backoff variants began to carry version names starting with version 1.55 (which used the names backoff, goo, MAY, and net); version 1.56 used the variant name LAST. In this blog post, we will briefly give an overview of the Backoff malware before discussing its unique memory-parsing...

By Hong Kei Chan, August 07, 2014