A new and ongoing threat that targets point of sale (POS) applications has emerged, as reported by US-CERT. Attackers gain access by brute forcing entry through remote access applications such as Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn Join.Me.
Once entry has been made, malware called Backoff is installed. This malware is designed to steal customer information, including payment information.
There are a number of things that can be done to protect yourself. US-CERT just released the advisory, so antivirus applications will pick up on this and update their signatures. At a minimum, update your antivirus software definitions/signatures. Other steps should be taken as well.
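The brute-force entry described above shows up in the Windows Security log as a burst of failed remote logons (event ID 4625) from one address, sometimes followed by a successful one (event ID 4624). The following Python is an added example, not part of the US-CERT alert or this post; the event records, addresses, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in time order: (timestamp, event ID, logon type, source IP).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (Network) is what RDP with Network Level Authentication usually logs.
SAMPLE_EVENTS = (
    [(f"2014-08-01T02:10:{s:02d}", 4625, 3, "203.0.113.7") for s in range(0, 36, 6)]
    + [("2014-08-01T02:10:40", 4624, 10, "203.0.113.7")]
    + [(f"2014-08-01T09:00:{s:02d}", 4625, 3, "198.51.100.20") for s in (5, 20)]
    + [("2014-08-01T09:00:41", 4624, 10, "198.51.100.20")]
    + [("2014-08-01T10:15:00", 4625, 2, "127.0.0.1")]  # local console failure, ignored
    + [(f"2014-08-01T11:30:{s:02d}", 4625, 10, "192.0.2.50") for s in range(0, 50, 10)]
)

REMOTE_LOGON_TYPES = {3, 10}


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed remote logons inside the window.

    Returns {ip: {"failures": peak count, "success_at": timestamp or None}}.
    A non-None success_at means a logon succeeded while the burst was still
    recent, which is the case to investigate first.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    findings = {}
    for ts_text, event_id, logon_type, ip in events:
        if logon_type not in REMOTE_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_text)
        fails = recent[ip]
        while fails and ts - fails[0] > window:  # drop failures older than the window
            fails.popleft()
        if event_id == 4625:
            fails.append(ts)
            if len(fails) >= threshold:
                hit = findings.setdefault(ip, {"failures": 0, "success_at": None})
                hit["failures"] = max(hit["failures"], len(fails))
        elif event_id == 4624 and ip in findings and fails:
            if findings[ip]["success_at"] is None:
                findings[ip]["success_at"] = ts_text
    return findings


if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE_EVENTS).items():
        state = f"SUCCESS at {hit['success_at']}" if hit["success_at"] else "no success seen"
        print(f"{ip}: {hit['failures']} failed remote logons in window, {state}")
```

On a real host the same tuples would come from an export of the Security log; a user who mistypes a password twice stays under the threshold and is not flagged.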
Contact ItsEmc2 at firstname.lastname@example.org today to see if you are at risk and for assistance in dealing with this risk.
Reference: US-CERT Alert TA14-212A. https://www.us-cert.gov/ncas/alerts/TA14-212A