Topic: Half of the airport’s workstations infected with a crypto mining software (Read 223 times)

I think the airport station hacker group works with someone who works at the airport because if we think that the hacker himself without the help of someone who works at the airport maybe he certainly will not be able to get into the airport system because the airport system I believe is very strong at protecting their systems from hackers so as not to endanger lives during flights and we cannot confirm that airport hackers are a bitcoin mining group because they do not have solid evidence.

The main reason I think why airport is the target for these malware is that, their computers are widely awake and open almost 24 hours for the services that it provides. In this case, I highly have a feeling that their systems are overheating due to hidden process that run on its background. This is not good, flight and safety could be compromised by these such activities in cryptocurrency space.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    

This is another case of a cryptojacking virus. A kind of trojan virus that hijacks your computer and mines a certain cryptocurrency. In the previous years the cryptocurrency that is being mined by this cryptojacking virus is monero. I am not sure if the airport computer were also mining monero because of the virus but it is the same kind of hacking that will use your computer without your knowledge to mine a certain cryptocurrency. Usually to remove the virus we just need to run a anti-malware software but if it is not working in the airport then that is a custom made virus probably an insider did that.

This has been a problem that is found all around. Now this is being found within a high security premises. Almost every airport used to have high security, beyond that it is hard to enter. This surely should have taken place with the support of an employee. Such kind of mining softwares were found to be installed illegally on different computers. Often we can find news that states about illegal mining.

This kind of activities were to overcome the increased electricity consumption that takes away the profiting out of mining. Came across an article that gives some detailed data on mining practices Mining Cryptocurrency using Company Hardware and Electricity.

Another red mark for crypto space associated with bitcoin; The malware was suspected to be a Bitcoin miner because of its behavior of executing multiple processes over a short timeframe, even though it was confirmed as a the xmrig Monero miner. For layman it was a cybercrime which might be infected many places, not just one airport.

Alright, but I don't think those airport workstations have any significant mining power. Or maybe they have some top notch GPUs that I don't know about.. However the airport's IT team should have done a better job. It is part of the sys admin's job to oversee and scan the infrastructure for any threats and perform scheduled maintenance procedures. This is why control staff is needed and operational managers need middle-line managers as well. Organizations don't work autonomously unfortunately and a simple antivirus can't face all the cybersecurity threats that exist nowadays.

If this is true it most likely they are used for mining Altcoins (and not really Bitcoin), especially those with low mining difficulty unless the virus is mining on many global computers. It also depends on how powerful the airport computers are, which could make mining Bitcoin profitable.
  It's possible that hackers create new Altcoins and get as many global computers as possible to mine them.?

It might be hidden in the task manager but you can still tell it is there. The computers will slow down a lot. Unless they were clever and only used a certain amount of the pc's power to mine so that it lasts longer without detection. If you have hardware monitoring software you can definitely figure out what's going on. I wonder how much these people actually made. I know they have botnets. I thought you might need a botnet to have enough hash power.

Just to be specific on the scope, and unspecific as to the location, the blog article does reference that the findings occurred at a (nameless) international airport in Europe.
That does not mitigate the issue, but the context of their findings aren't generalized, but rather confined to a single airport. Having said that, it wouldn’t strike me as odd for it to be pretty extended, but the reported scope is restricted here.

I think this a pretty infectious malware rattling around in a lot of computers. The main problem is that this malware doesn't has any GUI it just continues to run in your task manager services and that is the only place from where you can shut it down. I highly doubt that a lot of computers have been infected by this virus. But airport's workstations are really designed to be much more secure than normal Personal computes if those are infected at such a large scale I highly doubt that it's even stinking around in my PC Too. I heard that even Piratebay and such torrent sites mine crypto using your pcs secretly.

This has not only affected the airport operations, but also the perception of crypto to people. The innocent ones would think crypto as a medium to carry virus to workstations, which is wrong and could decrease the trust of the public to crypto-space in general.

Their virus definitions should be always up-to-date to counteract and prevent malwares such as this. Their antivirus providers, also must be reliable because they may be the problem. This mining malwares impose great risk to public places, such as airports, since system slowdown may affect communications and other operations, which are critical to public safety.

This is a lesson for I.T personnels - to ensure that optimal defenses of their mission critical systems are always in place! Had that malware not been discovered earlier or otherwise it had another nasty malicious payload to wreak havoc on those systems, the damage could stop airport operations because such a security breach could halt flight schedules worldwide thereby causing a ripple effect on international flights schedules.

I guess its the job of the system administrator to maintain the security of those workstations and I think he/she should take the blame for it. Moreover, this also shows the importance of having regular security audits to endure these types of malware cannot breach computer systems.

Yea, we had the "W32/CoinMiner.g" at work for a while and the latest anti-virus software with updates did not want to remove it. We send the virus to the AV Software company and they engineered a solution and it was gone within a day or two. 

I sometimes wonder how many of these mining "bots" are running out there and how much the owner of these bots are actually getting from this. AV Software companies are catching up on this new trend and they are focusing some more effort on stopping this now. 

I am sure that there many more facilities serving the public whose computer system are infected with mining malware taking advantage of free infrastructure and free power to gain something. This is akin to producing money out of thin air as the mining malware is just piggy-backing the existing workstations. Now, there a need for a more sophisticated detection system so that nay attempt to do free mining can be monitored and thwarted. This is definitely unacceptable and can pose some security risks.


Yes, this thing should not be tolerated. I think all facilities public and private should now start monitoring and tracking their own system for possible infection of the mining malware. The big problem is when it is an inside job and there is no one looking closely at the IT department. This is why there should be a good software that can easily recognized this malady.


CPU mining can actually be a good opportunity for us to participate with as long as we are not doing illegally by just using those computers we legally own and connected with. However, for the sake of solving this problem, I agree that Monera must update via forks their platform. We can not allow this thing to continue.

It would be better if the data is published and how they detect it. It's like saying you know everything but nobody else should know it.

Going unnoticed is the cunning of hackers, who are always working to find ways to attack the systems and obtain profits illegally. In the world of cryptocurrencies we must be very careful with the platforms we use.

Yes, it's about the xmrig monero miner. How did those malicious malware entered the airport's computer system? Unless there is an insibe job who does all the job inserting such malware program to the computer. I wonder how much Europe's airport spent huge electric bill for unconsciouly knowing there is a mining of xmr for a couple of months.

Hackers are targeting it's employees, simply as that. Those bad actors are going to send phishing emails to those employees. And if the employee are not aware of it, 100% the whole company are going to be infected very quickly.

Not just airport are the target of hackers now but almost all industries.

Chinese hackers are ramping up attacks on US companies, state sponsored attacks are beginning the norm today.

That's worse then. I didn't think those PC's where so easy to stop and breach that a hacker would just be able to download software and then run the programs on the computers.

They must have hired some really cheap, or clueless staff for this to go un-noticed. Don't think it would take that much work anyway...

Another interesting stat I'd like to know, how much have they actually made off mining? Are these stats public?

This kind of illegal activity can't be stopped unless they got arrested. But surely, other people would also do the same. What's really sad is that they're damaging the image of crypto. It's a big damage to crypto since they're targeting big company and industry. Companies should always be careful with this kind of things since just like what the airport worries, it can cause physical damage to the people in the airport if they would access to their system. That's why companies have their ITs to help them with this things and other digital issues.

We can't help it, the more cryptocurrency is getting recognition, the more people are taking it for granted even if it means oppressing others.