Backoff malware gang hits Dairy Queen stores

The Backoff gang went out for ice cream over the summer, leaving their nasty calling card – point-of-sale (PoS) malware – to slurp payment card data from nearly 400 Dairy Queen stores in the US.

Dairy Queen on Thursday confirmed in a statement that it found Backoff malware on 395 ice cream shops and one Orange Julius shop in August.

The malware was found on systems that contained customers’ names, payment card numbers and expiry dates.

Dairy Queen says that it has no evidence that other personal data, such as Social Security numbers, payment card PINs or email addresses, were compromised in the malware infection, which it says has been contained.

Backoff is a type of malware called a RAM (Random Access Memory) scraper that works by scraping clear-text payment card data out of RAM on PoS computers. After it finds unencrypted card data, it sends it back to the criminals.

As the Secret Service said in an advisory sent out at the end of August, PoS malware is behind a string of PoS thefts at more than 1,000 US retailers.

Beyond Target, that includes Supervalu, The UPS Store, and now Dairy Queen.

There have been suggestions that Backoff is behind all of those breaches, but we haven’t seen the evidence supporting that.

And as Naked Security’s John Zorabedian notes, we’re not sure that it matters which variant is behind which breach.

A defense-in-depth strategy will help to protect against malware, as well as against a range of other potential security problems.

He’s got some tips for how both businesses and consumers can stay safe.

Dairy Queen will be offering free credit monitoring services to affected customers.

But credit monitoring doesn’t help us detect or prevent bogus charges on existing credit or debit cards.

Don’t rely on banks reaching out to you to tell you about suspicious charges – make sure you stay on top of monitoring your bank account and credit card statements!

Image of Dairy Queen courtesy of Ken Wolter / Shutterstock.com.