European Airport Finds 50% of its Computers Infected With Malware
50% of the workstations at an international airport in Europe have been infected by cryptomining malware. The breach was discovered by researchers from cybersecurity company Cyberbit. The researchers stated that they detected the malware because of abnormal activity of the PAExec tool and Reflective DLL Loading on the infected computers.
What is cryptojacking?
Cryptojacking malware is a strain of malware that uses the computing resources of infected PCs to generate cryptocurrency for the attacker.
Cryptocurrencies are digital currencies such as bitcoin and ethereum. By dedicating computer resources to cryptomining, individuals can generate these digital currencies. Cryptojacking involves maliciously using a victim’s computer to mine digital currencies for the attacker without the victim’s consent.
There are many symptoms associated with cryptojacking including computer slowdowns and overheating issues.
What is PAExec?
PAExec is a program that allows a Windows computer to remotely connect to another Windows computer and execute a program without having to install it on the remote computer. The cybersecurity researchers at Cyberbit stated that PAExec was used to execute a malicious file called “player.exe”, which stole the infected computers’ resources to mine a cryptocurrency called “Monero” for the attacker. The malware was able to avoid detection because it was a highly modified version of previously known malware – CryptoMiner Variant #2.
Significantly, PAExec allowed code to execute with administrative privileges on the infected computers, which means that it was able to bypass antivirus detection.
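As an added illustration (not code from Cyberbit or from the original article), the sketch below shows one way a defender could surface the kind of PAExec activity described above: it flags processes whose parent is a PAExec binary and whose image is not on an approved list. The log layout, host names, paths and allowlist are constructed assumptions.

```python
import ntpath
from collections import defaultdict

# Constructed sample records, one process creation per line (not incident data).
# The key=value layout and the field names are assumptions for this example.
SAMPLE_LOG = r"""
host=WS-014|user=SYSTEM|parent=C:\Windows\PAExec.exe|image=C:\Windows\Temp\player.exe
host=WS-014|user=jdoe|parent=C:\Windows\explorer.exe|image=C:\Program Files\Media\player.exe
host=WS-022|user=SYSTEM|parent=C:\Windows\paexec.exe|image=C:\Windows\System32\ipconfig.exe
host=WS-031|user=SYSTEM|parent=C:\Windows\System32\services.exe|image=C:\Windows\System32\svchost.exe
host=WS-040|user=SYSTEM|parent=C:\Tools\PAEXEC.EXE|image=C:\Users\Public\player.exe
"""

# Hypothetical allowlist: full paths the admin team is known to run through PAExec.
APPROVED_VIA_PAEXEC = {r"c:\windows\system32\ipconfig.exe"}

def parse_events(text):
    """Turn 'k=v|k=v' lines into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        fields = dict(p.split("=", 1) for p in line.split("|") if "=" in p)
        if {"host", "parent", "image"} <= fields.keys():
            events.append(fields)
    return events

def launched_by_paexec(event):
    """True when the parent's file name starts with 'paexec' (case-insensitive)."""
    return ntpath.basename(event["parent"]).lower().startswith("paexec")

def suspicious_paexec_launches(events, approved=APPROVED_VIA_PAEXEC):
    """Group unapproved PAExec-spawned images by host for triage."""
    hits = defaultdict(list)
    for ev in events:
        if launched_by_paexec(ev) and ev["image"].lower() not in approved:
            hits[ev["host"]].append(ev["image"])
    return dict(hits)

def affected_ratio(events, hits):
    """Share of hosts seen in the log that have at least one hit."""
    hosts = {ev["host"] for ev in events}
    return len(hits) / len(hosts) if hosts else 0.0

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    found = suspicious_paexec_launches(evs)
    print(found, f"{affected_ratio(evs, found):.0%} of hosts affected")
```

Matching on the parent process rather than the child's file name is what separates the PAExec-launched “player.exe” from the user-launched media player of the same name in the sample.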
How was the airport impacted?
It was discovered that the cryptomining malware gave the malicious program priority in using system resources. That means that infected computers would suffer from slowdowns and increased power consumption. Both of these reduced the service quality of the airport and negatively impacted the businesses’ bottom line.
How does cryptojacking malware infect PCs?
It is not known how the computers became infected with the malware in this incident. Historically, there have been several known methods of infecting computers with cryptomining malware. Negligent employees can mistakenly install malware onto company computers by clicking malicious links in emails or visiting malicious websites. In another vein, malicious insiders can install malware deliberately. Outside attacks can involve strategies like fake emails or exploiting security vulnerabilities.