A cryptojacking attack affected over 50% of all computing systems at a European international airport. The computers were infected with a cryptocurrency miner related to Monero (XMR), one of the largest cryptocurrencies on the market.
Monero Mining Software Affects European Airport
According to a recent report released by Bleeping Computer, a cryptojacking attack has affected the computing systems of a European international airport. The malware was found by Cyberbit’s Endpoint Detection and Response team.
Apparently, employees were deploying a security solution that detected suspicious activity on some airport systems.
Cyberbit commented about it:
“The malware may have been used for months prior to the installation of Cyberbit EDR, although all workstations were equipped with an industry-standard antivirus.”
Despite having a negative impact on the systems’ performance and increasing power consumption, the miner didn’t affect the airport’s operations as a whole.
The malware that Cyberbit found at this airport was first discovered by Zscaler more than a year ago. Furthermore, the company explained that just 16 of 73 detection products on VirusTotal detected the sample as malicious.
Hackers and malicious parties have been modifying mining malware to increase their success rate by making it more difficult to find on the infected computer.
In addition, Cyberbit discovered the infection because the malware launched PAExec, a redistributable version of the Microsoft tool PsExec. This allows the attacker to execute processes remotely on other systems.
As per the report, the attackers were able to launch an executable “in system mode”, which made it possible to gain maximum user privileges on different compromised systems.
Considering the attacker had maximum privileges, it was possible for the miner to take priority over any other application for the use of workstation resources. At the same time, the administrative privileges make it difficult for the system to detect the malware.
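The behaviour that exposed the infection, a PAExec/PsExec launch running a program "in system mode", can be checked for in process-creation logs. The following is an added example, not code from Cyberbit or the original report; the event layout, host names, paths and accounts are constructed, and `-s` is the PsExec/PAExec switch for running as the System account.

```python
import ntpath
import shlex

# Remote-execution tools named in the article: PsExec and its redistributable clone PAExec.
REMOTE_EXEC_TOOLS = {"paexec.exe", "psexec.exe", "psexec64.exe"}
# Switches whose next token is a value, not the program to run (subset of PsExec's options).
VALUE_SWITCHES = {"-u", "-p", "-w", "-n", "-a"}

def analyze(event):
    """Return a finding for a PsExec-style process launch, or None for anything else."""
    try:
        tokens = shlex.split(event["command_line"], posix=False)
    except ValueError:                      # unbalanced quotes: fall back to whitespace split
        tokens = event["command_line"].split()
    if not tokens:
        return None
    tool = ntpath.basename(tokens[0].strip('"')).lower()
    if tool not in REMOTE_EXEC_TOOLS:
        return None
    targets, as_system, payload = [], False, None
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("\\\\"):          # \\host or \\host1,host2 = remote target(s)
            targets.extend(tok.lstrip("\\").split(","))
        elif tok.lower() in VALUE_SWITCHES:
            i += 1                          # skip the switch's value
        elif tok.lower() == "-s":
            as_system = True                # "system mode": run as the SYSTEM account
        elif not tok.startswith("-"):
            payload = tok.strip('"')        # first non-switch token is the program launched
            break                           # later tokens belong to that program, not the tool
        i += 1
    return {"host": event["host"], "tool": tool, "targets": targets,
            "as_system": as_system, "payload": payload,
            "severity": "high" if as_system else "medium"}

# Constructed process-creation events (hosts, paths and accounts are made up).
EVENTS = [
    {"host": "ws-001", "command_line": r"C:\Windows\paexec.exe \\ws-014 -s C:\ProgramData\updater.exe -s"},
    {"host": "ws-002", "command_line": r'"C:\Tools\PsExec.exe" \\srv-02 -u CORP\helpdesk cmd.exe /c ver'},
    {"host": "ws-003", "command_line": r"C:\Windows\System32\notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        finding = analyze(ev)
        if finding:
            print(finding)
```

Legitimate administrators also use PsExec, so findings from a rule like this are best reviewed against a list of hosts and accounts expected to run it.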
The airport, whose name and location are not provided, has been impacted in terms of performance. Miners consume computing resources and increase energy consumption.
XMR miners have been around for over two years. The cryptocurrency can be mined through CPU and GPU machines, which makes it much easier for attackers to steal energy and mine cryptocurrencies from other users.
CoinHive was one of the first ways to inject Monero mining malware on other websites with high traffic. Users navigating those sites would then see an increase in the computing resources they use, resources that are being leveraged maliciously by the Monero miner.
It is worth mentioning that the Monero community has always been very active in trying to help individuals not to fall victim to these attacks.