
Backoff Point-of-Sale Malware with a New Version

A new and updated variant of the Backoff malware, also known as ROM, was recently detected by security experts.
Researchers with Fortinet reported that the new version of the point of sale malware is almost the same as the previous one. Security products detect ROM as W32/Backoff.B!tr.spy. The body of ROM does not contain a version number.

The New Backoff Malware: What’s Different?

What’s new is the ability to avoid detection and to hinder analysis. ROM no longer hides as a Java component; instead it disguises itself as a media player, mplaterc.exe. As soon as the malware copies itself to the targeted computer, it calls an API, WinExec. To hinder analysis, API names are replaced with hashed values.

Fortinet analysts report that ROM is capable of extracting Track 1 and Track 2 information from PoS terminals, just like Backoff. The malware excludes predetermined processes from being analyzed, using a list of hashed values when it compares each process name against its hard-coded blacklist. ROM can also store data from stolen credit cards. The information is encrypted with two hard-coded strings on the system. The researchers say that ROM communicates with the C&C server over port 443, and that this traffic is also encrypted. This makes detection quite difficult.
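Since the C&C traffic is encrypted on port 443, a terminal-side check of which executable is talking to which destination is more useful than inspecting the payload. The sketch below is an added example, not code from Fortinet or from the original article; the allowlist, file paths, hostnames and log format are all constructed for illustration.

```python
import csv
import io
import ntpath

# Hypothetical allowlist for one terminal: full executable path -> permitted (host, port) pairs.
# Keying on the full path means a look-alike file name in another directory never matches.
ALLOWLIST = {
    r"c:\pos\bin\posclient.exe": {("gateway.processor.example", 443)},
    r"c:\windows\system32\svchost.exe": {("wsus.corp.example", 8530)},
}

# Constructed egress records: timestamp, image path, destination host, destination port.
SAMPLE_LOG = r"""
2014-11-03T10:01:12,C:\POS\bin\posclient.exe,gateway.processor.example,443
2014-11-03T10:01:40,C:\Users\pos\AppData\Roaming\mplaterc.exe,203.0.113.77,443
2014-11-03T10:02:05,C:\Windows\System32\svchost.exe,wsus.corp.example,8530
2014-11-03T10:03:31,C:\POS\bin\posclient.exe,198.51.100.9,443
"""


def review_egress(log_text, allowlist):
    """Return one finding for every connection the allowlist does not cover."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[3].strip().isdigit():
            continue  # blank or malformed line
        timestamp, image, host, port = (field.strip() for field in row)
        allowed = allowlist.get(image.lower())
        if allowed is None:
            reason = "process not on allowlist"
        elif (host.lower(), int(port)) not in allowed:
            reason = "destination not permitted for this process"
        else:
            continue  # known process talking to a permitted destination
        findings.append({"time": timestamp, "image": ntpath.basename(image),
                         "dest": f"{host}:{port}", "reason": reason})
    return findings


if __name__ == "__main__":
    for f in review_egress(SAMPLE_LOG, ALLOWLIST):
        print(f"{f['time']}  {f['image']:<14} -> {f['dest']:<20} {f['reason']}")
```

The second finding shows why the destination is checked per process: a trusted binary reaching an unlisted host on 443 is reported even though its name and path are legitimate.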

Initially detected in August, the malware possesses the following traits:

  • Data theft
  • Memory scraping
  • Exfiltration
  • Injection
  • Keylogging

Interestingly, the last feature is not to be found in ROM.

Reportedly, about 400 locations were hit by Backoff in the past month, extorting users’ names, credit card numbers and expiration dates. Back in August, researchers with Kaspersky Lab reported over 1000 infections in the USA alone.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with IT security began a few years ago, when malware locked her out of her own computer.
