According to the US Homeland Security Department, over 1,000 US retailers could be infected by a malware virus, which in result can comprise sensitive card and payment data.
In a statement released late last week, the government office urges all retailers with card swiping POS systems to search their back-office for any files or software called “Backoff”. The Backoff malware was first unveiled back in October 2013, and the Homeland Security Department offers information and instructions on finding and removing it from card terminal systems.
We posted last week on UPS’s malware incident which infected 51 of its stores. According to the US government, the virus is in fact the same.
This is in no affiliation to the now iconic Target security breach which resulted in over 40 million cards being compromised. Whereas Target’s terminals were infected in-store, the Backoff malware infects payment systems by finding insufficiently protected remote access points and duping computer users to download malware, one of the oldest malware tricks in the book.
ACY Securities Supports ASIC’s Product Intervention OrderGo to article >>
“Once the bad guys realized they were able to penetrate larger networks, they saw the opportunity to develop malware that’s specifically for credit cards and can evade antivirus programs,” Jerome Segura, a senior security researcher at cybersecurity software firm Malware Bytes told the Associated Press.
Malware and security breaches such as these are speeding up the introduction of EMV/Pin & Chip secure cards. While offering one more step for in-store verification, the move is expected to increase online payment fraud given the technology is redundant in Card-not-Present environments.