POS System of Mizado Cocina Infected by “Backoff” Malware

Softpedia.com reported on 21st August, 2014 stating that Mizado Cocina restaurant in New Orleans (United States of America) found their payment systems leaked debit and credit card information to an unknown imposter who is using the Backoff Point-Of-Sale (PoS) malware.

The restaurant came to know about this only when a third-party forensic investigation company informed them on 31st July, 2014 that an attacker installed malicious software on their systems to try to steal information about their customer's credit card.

Earlier also the restaurant observed signs of intrusion as clients reported fake transactions soon after dining at Mizado Cocina.

It became clear after forensic investigation that the payment systems had been infected with malicious software and the hardware was replaced.

The breached system was analyzed and it was revealed that around 8,000 cards of individuals were impacted which were processed by the infected PoS between 9th May and 18th July.

The restaurant announced publicly that the names, card numbers, CVV security codes and expiry dates of customers were compromised during the incident.

It is RAM (Random-Access Memory) scraper which is a part of a new malware family Backoff which can capture data stored in memory. It can log keystrokes and collect details of payment card stored in memory immediately when it is swiped and before encryption of the information. Researchers and law enforcement authorities first encountered Backoff in October 2013 but most major antivirus tools did not detect it till then.

The restaurant claimed to contact and request those customers who dined between the given time-frame (9th May to 18th July, 2014) to review their account statements and notify credit card companies and monitor credit reports to prevent theft of identity.

Nola.com published news on 19th August, 2014 quoting news release of Chris Rodrigue, CEO of Taste Buds Management which operates Mizado Cocina as "As per the advice about security compromise of our point of sale system, we have been working continuously with the credit card processors, appropriate law enforcement authorities and forensic experts to investigate the security compromise to ensure protection of debit and credit card information of our guests.

» SPAMfighter News - 8/30/2014