Department of Homeland Security warns retailers of new POS malware

The U.S. Computer Emergency Readiness Team, a division of the Department of Homeland Security, has issued a warning to retailers about a new POS malware hack that has been detected. Dubbed "Backoff," the family of malware exploits has been found in three separate investigations, going back as far as October 2013.

Backoff uses a variety of methods to compromise the POS, including keylogging and injecting malicious code into explorer.exe. That second one is particularly nasty because it means the exploit will still be there if the machine is turned off or rebooted.
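The paragraph above describes the two behaviours an investigator would look for on a compromised terminal: a keylogger and code injected into explorer.exe. The following is an added example, not code from the article, from US-CERT, or from Trustwave; it shows a small defender-side triage heuristic run over a constructed process and module inventory of the kind an EDR agent or a process-listing tool exports. It flags explorer.exe instances that run from somewhere other than the Windows directory, or that have loaded a module from a user-writable location, which is where injected or dropped components typically live. The record layout, the directory list and all sample paths are assumptions made for this example.

```python
"""Triage heuristic for code injected into explorer.exe (added example).

The inventory format, directory prefixes and sample data below are all
hypothetical; adapt them to the export format of the tooling you actually use.
"""
from dataclasses import dataclass, field
from typing import List, Tuple
import ntpath


@dataclass
class ProcessRecord:
    """One running process with its image path and loaded modules (assumed layout)."""
    pid: int
    name: str
    image_path: str
    modules: List[str] = field(default_factory=list)


# Directories a legitimate explorer.exe has no reason to load code from.
# Plain strings (not raw) so the trailing backslash is legal.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\",
    "c:\\programdata\\",
    "c:\\windows\\temp\\",
)

# Where the Windows shell normally lives.
EXPECTED_EXPLORER_PATH = "c:\\windows\\explorer.exe"


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison; ntpath works on any host OS."""
    return ntpath.normpath(path).lower()


def suspicious_modules(proc: ProcessRecord) -> List[str]:
    """Return modules loaded from user-writable locations."""
    return [m for m in proc.modules if _norm(m).startswith(USER_WRITABLE_PREFIXES)]


def triage_explorer(procs: List[ProcessRecord]) -> List[Tuple[int, str]]:
    """Flag explorer.exe instances with an unexpected image path or suspect modules."""
    findings: List[Tuple[int, str]] = []
    for p in procs:
        if p.name.lower() != "explorer.exe":
            continue
        if _norm(p.image_path) != EXPECTED_EXPLORER_PATH:
            findings.append((p.pid, "explorer.exe running from unexpected path: " + p.image_path))
        for m in suspicious_modules(p):
            findings.append((p.pid, "module loaded from user-writable location: " + m))
    return findings


# Constructed sample inventory: one clean shell, one with a module loaded from
# the user's roaming profile, one shell binary running from Downloads, and an
# unrelated process that the heuristic must ignore.
SAMPLE_INVENTORY = [
    ProcessRecord(1204, "explorer.exe", r"C:\Windows\explorer.exe",
                  [r"C:\Windows\System32\ntdll.dll", r"C:\Windows\System32\shell32.dll"]),
    ProcessRecord(3388, "explorer.exe", r"C:\Windows\explorer.exe",
                  [r"C:\Windows\System32\ntdll.dll",
                   r"C:\Users\pos\AppData\Roaming\injected_placeholder.dll"]),
    ProcessRecord(4410, "explorer.exe", r"C:\Users\pos\Downloads\explorer.exe", []),
    ProcessRecord(512, "pos_terminal.exe", r"C:\ProgramData\POS\pos_terminal.exe",
                  [r"C:\ProgramData\POS\helper.dll"]),
]


if __name__ == "__main__":
    for pid, reason in triage_explorer(SAMPLE_INVENTORY):
        print(f"PID {pid}: {reason}")
```

The heuristic is deliberately narrow: it does not inspect memory or prove injection, it only surfaces the explorer.exe instances worth a closer look, which is the triage step that runs before memory capture on a suspect terminal.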

Also troubling is the fact that virtually no current anti-virus or anti-malware software is able to detect Backoff at this time.

"At the time this advisory is released, the variants of the 'Backoff' malware family are largely undetected by anti-virus vendors. However, shortly following the publication of this technical analysis, AV companies will quickly begin detecting the existing variants. It's important to maintain up to date AV signatures and engines as new threats such as this are continually being added to your AV solution."

The full report from US-CERT offers dozens of very specific steps retailers need to take to secure their systems against Backoff. Trustwave Spiderlabs, which worked with US-CERT on the investigation, has a much more technical analysis of how the malware works on its blog, noting that "None of the techniques described within this write-up should be considered innovative, as the author simply made use of pre-existing practices when writing this malware. While this malware is not revolutionary, it should still be treated as a threat."