More than 1,000 US businesses have been infected with a malicious program that targets point-of-sale systems and steals credit- and debit-card data, the US government warned over the weekend.

The malware, dubbed "Backoff" after a term used in its code, began spreading as early as October 2013 and has typically escaped notice by antivirus defenses. The US Computer Emergency Readiness Team (US-CERT), the Secret Service, and the National Cybersecurity and Communications Integration Center (NCCIC) initially published an analysis of the malware in late July, but the groups updated their advisory on Friday with the estimated number of businesses affected.

"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," the advisory stated. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes."

Malware that targets point-of-sale systems has evolved quickly over the past two years. In November, cybercriminals using point-of-sale malware stole more than 40 million credit- and debit-card numbers—plus personal information on 70 million customers—from retail giant Target. Other programs, such as the whimsically named "Chewbacca," have infected dozens of retailers and restaurants.

According to the US-CERT advisory, the group behind the Backoff malware operation scanned the Internet to find potential victims by detecting installations of the remote-desktop software frequently used by service providers to manage the point-of-sale systems of their retail clients. The attackers look for remote desktop solutions like Microsoft’s Remote Desktop, Apple's Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn, according to the advisory. Once a potential target is identified, the group uses the equivalent of a digital sledgehammer, attempting to break into the system using a list of common passwords.

Such techniques are a common threat to small retail businesses, according to Trustwave, which helped the government agencies in their analysis of and response to the "Backoff" program. A third of cybercrime attacks on businesses focused on point-of-sale systems in 2013, according to the company's 2013 Global Security Report. In 31 percent of incidents, attackers exploited weak passwords to gain access to targeted systems.

"In the past year, POS malware evolved substantially compared to previous years," Trustwave stated in the report. "While parsing track data from memory and logging keystrokes on the victim’s machine is nothing new, we noted new developments in data exfiltration processes and command-and-control (C&C) functionality."

In the latest attack, once the attackers were able to guess the password to the system, they installed the Backoff program. The malware disguises itself as a Java component on the system and listens for credit-card transactions, storing them for later transmission to a command-and-control server, according to the US-CERT's original advisory.

The US-CERT advisory recommends, among other measures, that companies lock out remote-access accounts after a certain number of log-in attempts and restrict access through the firewall or gateway.
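
The lockout measure described above can be replayed over a log to see what it would have stopped. The following is an added example, not code from the advisory or this article; the log format, account names, addresses, and the policy of five failures within ten minutes are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, source address, account, outcome (not real log data).
SAMPLE_LOG = """\
2014-08-22T02:14:01 203.0.113.7 posadmin FAIL
2014-08-22T02:14:03 203.0.113.7 posadmin FAIL
2014-08-22T02:14:05 203.0.113.7 posadmin FAIL
2014-08-22T02:14:07 203.0.113.7 posadmin FAIL
2014-08-22T02:14:09 203.0.113.7 posadmin FAIL
2014-08-22T02:14:11 203.0.113.7 posadmin OK
2014-08-22T08:59:40 10.0.0.5 cashier1 FAIL
2014-08-22T08:59:52 10.0.0.5 cashier1 OK
2014-08-22T08:00:00 10.0.0.8 manager FAIL
2014-08-22T11:00:00 10.0.0.8 manager FAIL
2014-08-22T14:00:00 10.0.0.8 manager FAIL
2014-08-22T17:00:00 10.0.0.8 manager FAIL
2014-08-22T20:00:00 10.0.0.8 manager FAIL
"""

def parse(log):
    """Yield (timestamp, source, account, outcome) from each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, account, outcome = line.split()
            yield datetime.fromisoformat(ts), src, account, outcome

def replay(log, threshold=5, window=timedelta(minutes=10)):
    """Replay log-ins under an assumed lockout policy. Returns (locked, denied):
    lock time per account, and correct-password log-ins the lockout refused."""
    failures = defaultdict(deque)        # account -> recent failure times
    locked, denied = {}, []
    for ts, src, account, outcome in parse(log):
        if account in locked:            # stays locked until an administrator resets it
            if outcome == "OK":
                denied.append((account, src))
            continue
        if outcome == "OK":              # a success resets the failure count
            failures[account].clear()
            continue
        recent = failures[account]
        recent.append(ts)
        while ts - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if len(recent) >= threshold:
            locked[account] = ts
    return locked, denied
```

On the constructed log, the burst against `posadmin` locks the account before the sixth attempt, which carried the correct password, while a single typo and sporadic failures spread across a day do not trigger a lockout.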