‘Backoff” is a malware that targets remote access software for entry into POS systems. The U.S. Department of Homeland Security has come out with a report linking this malware to several recent breaches across the country. The report says that the malware had been active as late as July 2014.
“The Backoff malware is initially installed onto PoS devices via remote desktop applications in use by employees of potential targets. Then, attackers simply brute force the login credentials for applications such as Microsoft’s Remote Desktop and Splashtop, which the report noted were often being used by employees with administrator or privileged access accounts.”
“Once the Backoff malware is installed, the attackers also inject malicious code into the explorer.exe process so that malware is able to function if the executable is stopped.” Read report.