FortiGuard researchers at Fortinet have revealed a newer variant of the "Backoff" point-of-sale malware family. The new version, detected as W32/Backoff.C!tr.spy, carries code that maps its own image back to its original base address before continuing to execute, which adds a further roadblock to analysis, since tools that expect the image to stay where the loader placed it can lose track of it. As before, the malware hides a copy of itself in the user's application data folder, but unlike the previous version it picks the filename at random from a predefined list instead of using a fixed name.
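When a sample relocates itself back to its original base, the first thing an analyst wants to know is what that base is and whether the image even tolerates being loaded anywhere else. The script below is an added example, not Fortinet's code or any part of the Backoff sample; it assumes that "original base address" refers to the preferred ImageBase in the PE optional header, reads that field together with the ASLR opt-in flag and the base-relocation directory, and builds a constructed minimal PE header inline so it runs offline without a real sample.

```python
import struct

# Optional header magic values and the fields this check cares about.
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image opts into ASLR
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5               # .reloc data directory slot


def parse_load_expectations(data: bytes) -> dict:
    """Report where a PE expects to be loaded and whether it can be moved.

    Assumption (not from the article): the "original base address" the
    sample maps itself to is the ImageBase recorded in its own headers.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsec, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dd_count_off, dd_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dd_count_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, dd_count_off)[0]
    reloc_rva = reloc_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_BASERELOC:
        reloc_rva, reloc_size = struct.unpack_from(
            "<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    return {
        "is_64bit": magic == PE32PLUS_MAGIC,
        "image_base": image_base,
        "size_of_image": size_of_image,
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "has_relocations": reloc_rva != 0 and reloc_size != 0,
        "optional_header_size": opt_size,
    }


def must_load_at_preferred_base(info: dict) -> bool:
    """True when the image cannot legitimately run anywhere but ImageBase.

    Without a relocation table (or without the ASLR flag) the OS loader keeps
    the image at ImageBase, so a sample that re-maps itself there is
    restoring exactly the layout its absolute addresses were built for.
    """
    return not (info["has_relocations"] and info["aslr_opt_in"])


def build_minimal_pe(image_base: int, size_of_image: int,
                     dynamic_base: bool, with_relocs: bool,
                     is_64bit: bool = False) -> bytes:
    """Constructed test input: a header-only PE with the fields above set.

    This is not a real binary and does not execute; it exists so the parser
    can be exercised without a malware sample on disk.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew -> PE header
    opt_size = 240 if is_64bit else 224                # 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if is_64bit else 0x14C,
                       1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    if is_64bit:
        struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
        struct.pack_into("<Q", opt, 24, image_base)
        dd_count_off, dd_off = 108, 112
    else:
        struct.pack_into("<H", opt, 0, PE32_MAGIC)
        struct.pack_into("<I", opt, 28, image_base)
        dd_count_off, dd_off = 92, 96
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<H", opt, 70,
                     IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE if dynamic_base else 0)
    struct.pack_into("<I", opt, dd_count_off, 16)
    if with_relocs:
        struct.pack_into("<II", opt, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC,
                         0x3000, 0x100)                # RVA and size of .reloc
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Typical old-style 32-bit build: fixed base, no relocations.
    info = parse_load_expectations(build_minimal_pe(0x400000, 0x6000, False, False))
    print(f"ImageBase={info['image_base']:#x} size={info['size_of_image']:#x} "
          f"ASLR={info['aslr_opt_in']} relocs={info['has_relocations']} "
          f"pinned={must_load_at_preferred_base(info)}")
```

To use it on a real sample, pass `open(path, "rb").read()` to `parse_load_expectations`; the reported ImageBase is the address to watch for (or to load the sample at in a debugger or emulator) when tracing the self-remapping step, and `must_load_at_preferred_base` tells you whether the relocation is merely restoring a fixed layout or is purely an anti-analysis measure.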
The new variant incorporates techniques that deliberately obstruct analysis; Fortinet reports that its products nevertheless detect and block it. FortiGuard researchers first detected the upgraded version on 3 November. The malware performs the same functions as its predecessor, but leverages a slew of new techniques that make the threat more difficult to detect and analyze.
The researchers observed that the malware's authors continue to modify the threat in order to evade security detection, and recommend that users keep their antivirus software up to date to better protect themselves against this evolving threat.