What Is Backoff POS Malware and How to Prevent It

Businesses everywhere worry about POS security, and with good reason: the number of malware families aimed at payment systems keeps growing. At Comodo we want to make it easier for you to run a secure Point-of-Sale system, and we offer products and services for that. We also know there is real value in understanding the malware you are up against, so this article explains what Backoff POS malware is, how it gets in, and what it does once it is there.


In short, the criminals behind this malware break into POS systems remotely through administrator accounts, install Backoff, and harvest customers' payment card data to use later or sell on underground markets. It was most active in 2014 and was behind network intrusions at numerous businesses across the US. Seven POS system vendors and providers have confirmed that multiple clients were affected, and there are almost certainly more victims that have not been identified.

The initial entry point is remote desktop software, such as Microsoft Remote Desktop or Apple Remote Desktop. IT departments and support vendors use these tools to connect to any computer on the network so that problems can be fixed without a site visit. The trouble is that the same remote desktop services are easy for attackers to find with an internet scan, and once found, the login prompt can be brute-forced until a weak or reused administrator password gives way. With a valid account, the attacker uploads the Backoff POS malware and begins stealing data, mainly credit card numbers. This is why prevention starts with the remote access path rather than with the malware itself: do not expose remote desktop directly to the internet (put it behind a VPN or firewall allow-list), use long unique passwords for every remote account, enable account lockout after a handful of failures, and add a second factor where the product supports it.
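Because the break-in starts with repeated failed remote desktop logons, the first detection opportunity is the Windows Security log. The script below is an added example, not Comodo's code and not part of Backoff; it assumes Security events have already been exported as one JSON object per line using the field names Windows itself uses (EventID 4625 for a failed logon, 4624 for a successful one, LogonType 10 for a Remote Desktop session; with Network Level Authentication enabled, failed RDP pre-authentication is logged as type 3). The sample events are constructed for the demonstration. It flags any source address with five or more failed remote logons inside a five-minute window, and separately flags a later successful logon from a flagged address, which is the moment the malware would be uploaded.

```python
"""Flag remote-desktop brute forcing from exported Windows Security events.

Added example (not Comodo's code). Assumes one JSON event per line with the
Windows field names; the sample below is constructed, not a real capture.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPES = {10, 3}   # 10 = RemoteInteractive; 3 = NLA pre-auth failures

# Constructed sample: a legitimate admin session, six failures from one
# address in under a minute, one stray failure from elsewhere, then a
# successful logon from the attacking address. IPs are RFC 5737 test ranges.
SAMPLE_EVENTS = """\
{"EventID": 4624, "LogonType": 10, "IpAddress": "192.0.2.10", "TargetUserName": "posadmin", "TimeCreated": "2014-07-31T01:58:12"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "TimeCreated": "2014-07-31T02:14:05"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "administrator", "TimeCreated": "2014-07-31T02:14:15"}
{"EventID": 4625, "LogonType": 3, "IpAddress": "198.51.100.9", "TargetUserName": "cashier2", "TimeCreated": "2014-07-31T02:14:20"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "admin", "TimeCreated": "2014-07-31T02:14:25"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "posadmin", "TimeCreated": "2014-07-31T02:14:35"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "posadmin", "TimeCreated": "2014-07-31T02:14:45"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "posadmin", "TimeCreated": "2014-07-31T02:14:55"}
{"EventID": 4624, "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "posadmin", "TimeCreated": "2014-07-31T02:16:10"}
"""


def parse_events(text):
    """Parse newline-delimited JSON events and return them sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["TimeCreated"] = datetime.fromisoformat(ev["TimeCreated"])
        events.append(ev)
    return sorted(events, key=lambda e: e["TimeCreated"])


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return findings as (kind, ip, time, detail) tuples.

    A sliding window of failure timestamps is kept per source address; once
    it holds `threshold` failures the address is flagged. A later successful
    remote logon from a flagged address is reported as a likely compromise.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    flagged = set()
    findings = []
    for ev in events:
        if ev.get("LogonType") not in RDP_LOGON_TYPES:
            continue
        ip, ts = ev["IpAddress"], ev["TimeCreated"]
        if ev["EventID"] == FAILED_LOGON:
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()          # drop failures older than the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                findings.append(("bruteforce", ip, ts,
                                 f"{len(q)} failed remote logons within {window}"))
        elif ev["EventID"] == SUCCESS_LOGON and ip in flagged:
            findings.append(("success_after_bruteforce", ip, ts,
                             f"remote logon as {ev['TargetUserName']} after flagged burst"))
    return findings


if __name__ == "__main__":
    for kind, ip, ts, detail in find_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(f"{ts.isoformat()} {kind:<25} {ip:<15} {detail}")
```

The success-after-burst finding is the one worth paging someone for: a burst of failures alone is background noise on any internet-exposed remote desktop port, but a success from the same address means the attacker now has the account and the next step is the malware upload.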


Backoff belongs to a family of POS malware that was only identified in 2014, although forensic investigations show it had been in use since at least October 2013, and researchers have confirmed three primary variants. It continues to be popular in some criminal circles. The Backoff POS malware can:

  • Scrape memory for track data (the Track 1 and Track 2 magnetic stripe contents, including the card number and expiry, captured from the POS process before it is encrypted)
  • Log your keystrokes
  • Use command and control communication to upload stolen data and receive updates
  • Inject a malicious stub into explorer.exe so that it is restarted if the main process is killed

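The first capability in that list is the one that actually yields card numbers, so it is worth seeing what "scraping memory for track data" means in practice. The block below is an added example, not Comodo's code and not Backoff's; it runs the same kind of Track 1 and Track 2 pattern match a memory scraper uses, but over a small constructed byte buffer standing in for a POS process's memory, and it applies the Luhn check that separates real card numbers from look-alike digit runs. The same scan, run over a memory dump, is how an incident responder confirms that cleartext track data was present for the malware to take.

```python
"""Find magnetic-stripe track data in a memory buffer (added example).

Not Comodo's or Backoff's code. The buffer is constructed for the demo; the
track layouts follow ISO/IEC 7813: Track 1 is %B<PAN>^<NAME>^<YYMM><svc>...?
and Track 2 is ;<PAN>=<YYMM><svc><discretionary>? . The PAN is 13-19 digits.
"""
import re

# (?<!\d) stops a digit run in front of the record from being swallowed into
# the PAN, which would otherwise still pass Luhn (leading zeros add nothing).
TRACK1_RE = re.compile(rb"(?<!\d)%B(\d{13,19})\^([^\^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
TRACK2_RE = re.compile(rb"(?<!\d);?(\d{13,19})=(\d{4})(\d{3})(\d*)\??")

# Constructed stand-in for POS process memory: terminal strings, one Track 1
# record, one valid Track 2 record, and one Track 2-shaped run that fails Luhn.
SAMPLE_MEMORY = (
    b"\x00\x00POS-Terminal-07\x00\x00 last sale 02:14 "
    b"%B5555555555554444^DOE/JOHN^25121011234?"
    b"\x00\x00receipt #000123 \xff\xfe"
    b";4111111111111111=2512101123456789?"
    b" \x00 junk 1234 \x00"
    b";4111111111111112=2512101000?"
    b"\x00\x00"
)


def luhn_ok(pan):
    """Luhn check: double every second digit from the right, fold >9, sum % 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first six and last four digits, as a receipt would."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf):
    """Return Luhn-valid track records found in buf, ordered by offset."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": pan,
                         "name": m.group(2).decode(), "expiry": m.group(3).decode()})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": pan,
                         "expiry": m.group(2).decode()})
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for h in scan_for_track_data(SAMPLE_MEMORY):
        print(f"offset {h['offset']:5d}  track {h['track']}  "
              f"PAN {mask_pan(h['pan'])}  exp {h['expiry']}")
```

Two things follow from this. First, the malware does not need to break any encryption: it reads the track data in the brief moment it sits in the POS application's memory in the clear, which is why point-to-point encryption at the card reader, so that the POS process itself never holds cleartext track data, removes the target. Second, the Luhn filter matters on both sides; without it a scan of a busy terminal's memory is mostly false positives from serial numbers and timestamps.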
