Backoff and BlackPOS Malware Breach Retailers Point of Sale Systems

Retailers worldwide have been scrambling to maintain secure POS (point of sale) systems after the latest security breaches at corporations such as UPS, Target and, most recently, Home Depot. Larger corporations should not be the only ones concerned. According to the RSA Conference blog post, “Understanding PoS Malware Infecting Retailers,” the malware involved is simple to implement and the source code is easily obtained from online criminal forums. The network breaches are difficult to detect, making it even more challenging to discover the issue immediately. It was recently learned that a new version of BlackPOS, or Kaptoxa, the malware responsible for the Target breach, was also the culprit behind the Home Depot breach. This updated version of BlackPOS could have been stealing customer information for months. Another malware family, known as Backoff, has affected 1,000 businesses and seven POS vendors, as estimated by the Secret Service.

Even in light of recent retailer breaches, this doesn’t mean companies will always take the necessary precautions to secure their networks and POS systems. In the DarkReading article, “Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem,” Lev Lesokhin, executive vice president at CAST Software, states:

“…The question is to what extent is it becoming a learned helplessness?”

Does this mean that retailers are going to treat this problem as inevitable and not put the necessary time and effort into creating a secure system? This is the question posed by Lesokhin, but there are still simple steps that companies can follow to ensure they are doing everything they can to protect their customers. The DarkReading article also notes that “cleaner code tends to lead to more secure code,” meaning software security vendors and retailers can both take measures to reduce network weaknesses.

According to the PCI Security Council, retailers should maintain the most recent, up-to-date version of their malware prevention software and make sure it detects Backoff and other similar types of point of sale malware. System logs should be reviewed for abnormal activity and for large data files being sent to unknown destinations. Companies should require that all passwords be updated regularly and provide instruction to staff on creating secure passwords. There are many other measures that can be taken, and the PCI provides more detailed information in its “Bulletin on Malware Related to Recent Breach Incidents.”
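One way to put the log-review advice above into practice, as an added illustration that is not from the PCI bulletin or from wolfSSL: a small Python script that sums outbound bytes per (source, destination) pair from constructed, hypothetical firewall-style log lines and flags any unknown destination that received more than a threshold. The log format, the allowlist of known hosts and the threshold are all assumptions to be adapted to a real environment.

```python
"""Flag large outbound transfers to unknown destinations in POS egress logs."""
from collections import defaultdict
import re

# Constructed sample lines in a hypothetical firewall-style format (for illustration only):
# <timestamp> <src_ip> -> <dst_ip>:<port> bytes=<n>
SAMPLE_LOG = """\
2014-09-08T02:13:01 10.20.1.15 -> 203.0.113.44:443 bytes=512
2014-09-08T02:13:05 10.20.1.15 -> 198.51.100.7:21 bytes=26214400
2014-09-08T02:14:10 10.20.1.16 -> 203.0.113.44:443 bytes=2048
2014-09-08T02:15:30 10.20.1.15 -> 198.51.100.7:21 bytes=31457280
2014-09-08T02:16:00 10.20.1.17 -> 192.0.2.9:8443 bytes=4096
"""

# Destinations the store's POS terminals are expected to talk to (assumed: payment processor, head office).
KNOWN_DESTINATIONS = {"203.0.113.44", "192.0.2.9"}

# Anything above this many bytes to an unknown host is worth a look; tune per environment.
THRESHOLD_BYTES = 10 * 1024 * 1024

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_log(text):
    """Yield (src, dst, port, bytes) tuples; lines that do not match the format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["port"]), int(m["bytes"])


def find_suspicious_egress(text, known=KNOWN_DESTINATIONS, threshold=THRESHOLD_BYTES):
    """Sum bytes per (src, dst) pair and return the pairs whose total to an unknown host meets the threshold."""
    totals = defaultdict(int)
    for src, dst, _port, nbytes in parse_log(text):
        if dst not in known:
            totals[(src, dst)] += nbytes
    return sorted((src, dst, total) for (src, dst), total in totals.items() if total >= threshold)


if __name__ == "__main__":
    for src, dst, total in find_suspicious_egress(SAMPLE_LOG):
        print(f"ALERT {src} sent {total} bytes to unknown host {dst}")
```

In the constructed sample, the two FTP-port transfers from 10.20.1.15 to the unlisted host add up to roughly 55 MB and are reported, while traffic to the allowlisted hosts is ignored regardless of size.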

For questions regarding this article or for information on wolfSSL’s embedded security library, please contact us at

RSA Conference Blog
Krebs on Security
PC World
PCI Security Standards