More than 1,000 US businesses have been infected with a malicious program that targets point-of-sale systems and steals credit- and debit-card data, the US government warned over the weekend.
The malware, dubbed "Backoff" after a term used in its code, began spreading as early as October 2013 and has typically escaped notice by antivirus defenses. The US Computer Emergency Readiness Team (US-CERT), the Secret Service, and the National Cybersecurity and Communications Integration Center (NCCIC) initially published an analysis of the malware in late July, but the groups updated their advisory on Friday with the estimated business impacted.
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the advisory stated. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes."