US CERT warning related to dangers of point-of-sale malware that attempts to steal credit card numbers and sensitive customer information 

https://www.us-cert.gov/ncas/alerts/TA14-212A

QUOTE: Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the “Backoff” malware. Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected.

These variations have been seen as far back as October 2013 and continue to operate as of July 2014. In total, the malware typically consists of the following four capabilities. An exception is the earliest witnessed variant (1.4) which does not include keylogging functionality. Additionally, 1.55 ‘net’ removed the explorer.exe injection component:

* Scraping memory for track data
* Logging keystrokes
* Command & control (C2) communication
* Injecting malicious stub into explorer.exe