According to the US-CERT advisory, the group behind the Backoff malware operation scanned the Internet to find potential victims by detecting installations of the remote-desktop software frequently used by service providers to manage the point-of-sale systems of their retail clients. The attackers look for remote desktop solutions like Microsoft’s Remote Desktop, Apple's Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn, according to the advisory. Once a potential target is identified, the group uses the equivalent of a digital sledgehammer, attempting to break into the system using a list of common passwords.