Backoff is a kind of malware that targets point of sale (POS) systems.[1][2] It is used to steal credit card data from point of sale machines at retail stores.[3] Cybercriminals use Backoff to gather data from credit cards. It is installed via remote desktop type applications where POS systems are configured.[4] It belongs to the POS malware family as it is known to scrape the memory of POS devices.[5][6]


Backoff malware injects the malicious stub into the explorer.exe file to gain access to the POS machines and it scrapes the victim’s machine memory from running the processes.[7] It searches this memory for leftover credit card data after a payment card has been swiped.[8] Cybercriminals have mutated different variants of Backoff while some of the variants are equipped with keylogging functionality.[9] Some of the Backoff variants have C2 component which helps the malware to upload the victim’s personal data, download the malware onto the victim POS machine and to uninstall the malware.[10]


Backoff Malware was aggressive and about 16.2% been infected in the third quarter of 2014. The survey by Department of Homeland Security(DHS) states that about thousands of businesses have been infected by Backoff POS Malware.[11]

Network security company Damballa records a 57 percent infection increase from Backoff malware during August 2014.[12] Big companies like Home Depot, Target and Dairy Queen suffered from backoff infection and many more smaller companies may be infected.


  1. ^“About Backoff Malware”. US-CERT. 31 July 2014. Retrieved 2014-07-31.
  2. ^“Backoff Malware complete overview”. Comodo. Retrieved 2014-07-31.
  3. ^Lyne, James (26 August 2014). “Backoff malware hits credit card machines”. Forbes. Retrieved 2014-08-26.
  4. ^“Backoff Malware used by Cybercriminals”.
  5. ^“Backoff malware-WHAT IS IT?”. Retrieved 2014-08-26.
  6. ^“Memory Scrapping malware – Biggest Threat To the Retail” (PDF). Stormshield. Archived from the original (PDF) on 20 August 2016. Retrieved 2014-01-03.
  7. ^Walker, Zach (8 September 2014). “”Backoff” Point-of-Sale Malware: What You Need To Know”. Rippleshot. Archived from the original on 31 October 2014. Retrieved 2014-09-08.
  8. ^Kirk, Jeremy (24 October 2014). “The ‘Backoff’ malware used in retail data breaches is spreading | PCWorld”. PC World. Archived from the original on 26 October 2014.
  9. ^Walker, Danielle (3 November 2014). “New version of Backoff detected, malware variant dubbed ‘ROM’ – SC Magazine”. SC Magazine. Archived from the original on 10 November 2014. Retrieved 2014-11-03.
  10. ^Schwartz, Mathew J. (6 April 2015). “Why POS Malware Still Works – BankInfoSecurity”. BankInfoSecurity. Information Security Media Group. Archived from the original on 18 March 2016. Retrieved 2015-04-06.
  11. ^Sun, Bowen (15 December 2014). “A Survey of Point-of-Sale (POS) Malware”.
  12. ^“Q3 State of Infections Report Reveals 57% Increase in Backoff Malware from August to September – Damballa”. Damballa. 24 October 2014. Archived from the original on 24 February 2017. Retrieved 23 February 2017.

Ofer Abarbanel online library

Ofer Abarbanel online library

Ofer Abarbanel online library