Top

Back off! I have your credit card details

A deadly malware, which crawls for credit and debit card details, could be on your computer

Backoff, a deadly malware, has been detected in the Indian cyberspace. The malware is a simple exe file and resides on computers with the Windows operating system. The malware uses applications in the background to hack or steal details such as credit / debit card details, passwords and login IDs.

The malware, named as ‘Backoff’, is a type of EXE file associated with Third-Party Application developed by Windows Software Developer for the Windows Operating System. The latest known version of Backoff.exe is 1.0, which was produced for Windows 7. This EXE file carries a popularity rating of 1 stars and a security rating of "UNKNOWN".

“It has been reported that variants of malware family dubbed as 'Backoff' targeting Point of Sale (POS) systems are spreading. The malware mainly infects windows based systems. The malware propagates by scanning for systems with remote desktop applications enabled. Successful compromise allows an attacker to infect the systems further with the POS malware so as to steal customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems," the CERT-In said in its latest advisory to Internet users in the country.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The virus is so notorious that it can capture keystrokes and communicate with the command and control server for further hacking-like activity, the agency warned.

Interestingly, the virus also possesses a capability to inject malicious stub into Windows 'Explorer.exe' for persistence and in case the malicious file crashes or is stopped forcefully, the agency said.

Cybersecurity sleuths said the malware and all its variants remain "mostly undetected by the anti-virus vendors" which categorises it as a potent and big threat in the online world.

"The malware makes a network connection to various command and control servers and uses HTTP POST request to transfer the data of the victim system. The POST request generated from the victim machine consists of various parameters identifying different information about the infected machine," the advisory said about the virus which can acquire at least three aliases to hide its evil designs.

The agency has suggested some countermeasures in this regard.

"Keep all POS systems thoroughly updated including POS application software, do not allow administrative access to systems, delete the system changes made by the malware such as files created or registry entries or services among others, limit or eliminate the use of shared or group accounts, disable auto run or auto play.

"Do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date,"Backoff, a deadly malware, has been detected in the Indian cyberspace. The malware is a simple exe file and resides on computers with the Windows operating system. The malware uses applications in the background to hack or steal details such as credit / debit card details, passwords and login IDs.

The malware, named as ‘Backoff’, is a type of EXE file associated with Third-Party Application developed by Windows Software Developer for the Windows Operating System. The latest known version of Backoff.exe is 1.0, which was produced for Windows 7. This EXE file carries a popularity rating of 1 stars and a security rating of "UNKNOWN".

“It has been reported that variants of malware family dubbed as 'Backoff' targeting Point of Sale (POS) systems are spreading. The malware mainly infects windows based systems. The malware propagates by scanning for systems with remote desktop applications enabled. Successful compromise allows an attacker to infect the systems further with the POS malware so as to steal customer payment cards data like card holders name, account number, expiration data, CVV code among others from POS systems," the CERT-In said in its latest advisory to Internet users in the country.

The CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The virus is so notorious that it can capture keystrokes and communicate with the command and control server for further hacking-like activity, the agency warned.

Interestingly, the virus also possesses a capability to inject malicious stub into Windows 'Explorer.exe' for persistence and in case the malicious file crashes or is stopped forcefully, the agency said.

Cybersecurity sleuths said the malware and all its variants remain "mostly undetected by the anti-virus vendors" which categorises it as a potent and big threat in the online world.

"The malware makes a network connection to various command and control servers and uses HTTP POST request to transfer the data of the victim system. The POST request generated from the victim machine consists of various parameters identifying different information about the infected machine," the advisory said about the virus which can acquire at least three aliases to hide its evil designs.

The agency has suggested some countermeasures in this regard.

"Keep all POS systems thoroughly updated including POS application software, do not allow administrative access to systems, delete the system changes made by the malware such as files created or registry entries or services among others, limit or eliminate the use of shared or group accounts, disable auto run or auto play.

"Do not visit untrusted websites, enable firewall at gateway or desktop level, do not download or open attachment in emails received from untrusted sources or unexpectedly received from trusted users and install and scan anti-malware engines and keep them up-to-date,"

( Source : PTI )
Next Story