Bitcoin Forum
Topic: Half of the airport’s workstations infected with a crypto mining software
Kakmakr
October 18, 2019, 06:06:51 AM
 #21

Yea, we had the "W32/CoinMiner.g" at work for a while and the latest anti-virus software with updates did not want to remove it. We sent the virus to the AV software company and they engineered a solution and it was gone within a day or two. ;D

I sometimes wonder how many of these mining "bots" are running out there and how much the owners of these bots are actually getting from this. AV software companies are catching up on this new trend and they are focusing some more effort on stopping this now. ;)

lobat999
October 18, 2019, 06:08:23 AM
 #22

This is a lesson for I.T. personnel - to ensure that optimal defenses of their mission critical systems are always in place! Had that malware not been discovered earlier, or had it carried another nasty malicious payload to wreak havoc on those systems, the damage could have stopped airport operations, because such a security breach could halt flight schedules worldwide, thereby causing a ripple effect on international flight schedules.

I guess it's the job of the system administrator to maintain the security of those workstations and I think he/she should take the blame for it. Moreover, this also shows the importance of having regular security audits to ensure these types of malware cannot breach computer systems.
blckhawk
October 18, 2019, 06:58:30 AM
 #23

This has not only affected the airport operations, but also the perception of crypto to people. The innocent ones would think of crypto as a medium to carry viruses to workstations, which is wrong and could decrease the trust of the public in the crypto-space in general.

Their virus definitions should always be up-to-date to counteract and prevent malware such as this. Their antivirus providers must also be reliable, because they may be the problem. This mining malware imposes great risk to public places, such as airports, since system slowdown may affect communications and other operations, which are critical to public safety.



teosanru
October 18, 2019, 09:04:33 AM
 #24

I think this is a pretty infectious malware rattling around in a lot of computers. The main problem is that this malware doesn't have any GUI; it just continues to run in your task manager services and that is the only place from where you can shut it down. I highly doubt that a lot of computers have been infected by this virus. But airport workstations are really designed to be much more secure than normal personal computers. If those are infected at such a large scale I highly doubt that it's even stinking around in my PC too. I heard that even Piratebay and such torrent sites mine crypto using your PCs secretly.
DdmrDdmr
October 18, 2019, 09:37:58 AM
 #25

Just to be specific on the scope, and unspecific as to the location, the blog article does reference that the findings occurred at a (nameless) international airport in Europe.
Quote
While rolling out Cyberbit’s Endpoint Detection and Response (EDR) in an international airport in Europe, our researchers identified an interesting crypto mining infection, where cryptocurrency mining software was installed on more than 50% of the airport’s workstations.
That does not mitigate the issue, but the context of their findings isn't generalized, but rather confined to a single airport. Having said that, it wouldn’t strike me as odd for it to be pretty extended, but the reported scope is restricted here.
Mike Mayor
October 18, 2019, 10:10:15 AM
 #26

They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like schools, big companies, datacenters, research facilities etc.

This is not good for our crypto world, it's illegal

Almost three years ago I saw a tutorial that lets you install software that lets you mine Monero without being detected. Most of the people installed their software in the internet cafe. They go one after another, just like planting a tree but in an illegal way. The owners of those internet cafes are innocent because the software that those people installed is hidden in the task manager. That's how dangerous that miner software is.
But all of those things are illegal, you are just like using people's property without their will.

It might be hidden in the task manager but you can still tell it is there. The computers will slow down a lot. Unless they were clever and only used a certain amount of the PC's power to mine so that it lasts longer without detection. If you have hardware monitoring software you can definitely figure out what's going on. I wonder how much these people actually made. I know they have botnets. I thought you might need a botnet to have enough hash power.

Ucy
October 18, 2019, 10:36:12 AM
 #27

If this is true, most likely they are used for mining altcoins (and not really Bitcoin), especially those with low mining difficulty, unless the virus is mining on many global computers. It also depends on how powerful the airport computers are, which could make mining Bitcoin profitable.
It's possible that hackers create new altcoins and get as many global computers as possible to mine them?
ChrisPop
October 18, 2019, 11:06:07 AM
 #28

Alright, but I don't think those airport workstations have any significant mining power. Or maybe they have some top notch GPUs that I don't know about.. However the airport's IT team should have done a better job. It is part of the sys admin's job to oversee and scan the infrastructure for any threats and perform scheduled maintenance procedures. This is why control staff is needed and operational managers need middle-line managers as well. Organizations don't work autonomously unfortunately and a simple antivirus can't face all the cybersecurity threats that exist nowadays.
error08
October 18, 2019, 12:10:09 PM
 #29

Another red mark for crypto space associated with bitcoin: the malware was suspected to be a Bitcoin miner because of its behavior of executing multiple processes over a short timeframe, even though it was confirmed as the xmrig Monero miner. For a layman it was a cybercrime which might have infected many places, not just one airport.
romero121
October 18, 2019, 12:22:17 PM
 #30

They are probably mining XMR
There's a LOT of places with crypto mining software installed without permission, like schools, big companies, datacenters, research facilities etc.

This is not good for our crypto world, it's illegal
This has been a problem that is found all around. Now this is being found within a high security premises. Almost every airport used to have high security, beyond that it is hard to enter. This surely should have taken place with the support of an employee. Such kinds of mining software were found to be installed illegally on different computers. Often we can find news that states about illegal mining.

These kinds of activities were to overcome the increased electricity consumption that takes away the profit out of mining. Came across an article that gives some detailed data on mining practices: Mining Cryptocurrency using Company Hardware and Electricity.
Mandoy
October 18, 2019, 12:29:38 PM
 #31

This is another case of a cryptojacking virus. A kind of trojan virus that hijacks your computer and mines a certain cryptocurrency. In the previous years the cryptocurrency that is being mined by this cryptojacking virus is Monero. I am not sure if the airport computers were also mining Monero because of the virus, but it is the same kind of hacking that will use your computer without your knowledge to mine a certain cryptocurrency. Usually to remove the virus we just need to run an anti-malware software, but if it is not working in the airport then that is a custom-made virus; probably an insider did that.

Eugenar
October 18, 2019, 12:48:09 PM
 #32

I wonder how they got the software on the computers. I reckon someone came into the airport with USBs that had malware and automatically installed data on the computers.

It is confusing though. Not sure why the airport wouldn't do routine weekly, or even monthly checks on their computers for malware.

There's a couple places I think would be prone to these sorta events, such as internet cafes, etc, anywhere where there are an excess of computers that are always in use.

Great link.

The main reason I think why the airport is the target for this malware is that their computers are widely awake and open almost 24 hours for the services that it provides. In this case, I highly have a feeling that their systems are overheating due to hidden processes that run in the background. This is not good, flight and safety could be compromised by such activities in the cryptocurrency space.
bounceback
October 18, 2019, 02:02:23 PM
 #33

I think the airport station hacker group works with someone who works at the airport, because if we think that the hacker himself, without the help of someone who works at the airport, maybe he certainly will not be able to get into the airport system, because the airport system, I believe, is very strong at protecting their systems from hackers so as not to endanger lives during flights. And we cannot confirm that airport hackers are a bitcoin mining group because they do not have solid evidence.
