So You Know - ALERT!!! 

WARNING: “Backoff” is a family of point of sale malware that has been discovered and continues to be present. Seven POS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected.

The malware has four identified capabilities:

  1. Scraping memory for track data
  2. Logging keystrokes
  3. Command and control communications
  4. Injecting malicious stub into explorer.exe

Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop [1], Apple Remote Desktop [2], Chrome Remote Desktop [3], Splashtop 2 [4], Pulseway [5] and LogMeIn [6] offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (POS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request.

The above information was provided to us from the United States Computer Emergency Readiness Team and was produced in collaboration with the National Cybersecurity and Communications Integration Center, the United States Secret Service, Financial Sector Information Sharing and Analysis Center and Trust wave Spiderlabs. The entire release can be viewed at