New variants of POS malware ‘Backoff’ found as infections expand

A security firm that worked with the government to identify point-of-sale (POS) malware, called “Backoff,” has detected two new variants of the threat.

On Monday, Karl Sigler, threat intelligence manager at Trustwave, told SCMagazine.com that Backoff has grown to encompass variants similar to “LAST,” or version 1.56, the latest version of the threat.

Uncovered in late July, the malware scrapes memory from running processes on targeted devices and has been planted on retailers’ POS systems so criminals can pilfer consumers’ card data. The new Backoff variants, dubbed “Wed” and version “1.57,” were discovered in the wild within the “past couple of weeks,” Sigler said.

“The variants seem to be very similar to LAST, so any existing detections [for the malware] should work just fine,” Sigler added.

The variant LAST was noted as injecting a malicious stub into explorer.exe, so that Backoff could maintain persistence on affected devices if the executable crashes or is “forcefully stopped,” Trustwave revealed in an overview of the malware. LAST also includes support for multiple domain configurations, and uses modified code to create exfiltration threads for stealing card data, Trustwave said.

Read the Full Article: Source – SC Magazine
http://www.scmagazine.com/new-variants-of-pos-malware-backoff-found-as-infections-expand/article/367986/

 
