An unnamed major European airport was hit by Monero-mining malware that infected more than half of the airport’s workstations to secretly mine the cryptocurrency.
Cyberbit, a cyber security firm, revealed in a blog post that the mining malware was discovered by its Endpoint Detection and Response team while deploying the company’s security solution, which detected suspicious activity on some airport systems.
The malware used Reflective Dynamic-Link Library (DLL) loading to inject malicious DLLs into a host process running in memory without using the Windows loader and completely bypassing the infected systems’ hard drives.
The malware installed the xmrig Monero miner to stealthily mine cryptocurrency on the infected machines.
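Because a reflectively loaded DLL never passes through the Windows loader, it sits in executable memory that is not a loader-mapped image, which is something a memory scan can look for. The sketch below is an added example, not Cyberbit's detection logic or code from the incident; the record fields, process names and addresses are constructed for illustration.

```python
# Added example: flags executable memory regions that the Windows loader did not map.
EXEC_PROTECTIONS = {
    "PAGE_EXECUTE", "PAGE_EXECUTE_READ",
    "PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY",
}

def classify_region(region):
    """Return 'non-image-pe', 'non-image-exec', or None for one memory region."""
    if region["protect"] not in EXEC_PROTECTIONS:
        return None
    # Loader-mapped modules are MEM_IMAGE and have a backing file path.
    if region["type"] == "MEM_IMAGE" and region["mapped_file"]:
        return None
    # Executable, not a loader-mapped image: a PE header makes it high confidence.
    if region["head"][:2] == b"MZ":
        return "non-image-pe"
    # No header: could be JIT code, or a loader that wiped the header.
    return "non-image-exec"

def scan(regions):
    """Return (process, base, verdict) for flagged regions, high confidence first."""
    hits = [(r["process"], r["base"], classify_region(r)) for r in regions]
    hits = [h for h in hits if h[2] is not None]
    return sorted(hits, key=lambda h: (h[2] != "non-image-pe", h[1]))

# Constructed sample: a region listing in the form a memory scanner might export.
SAMPLE_REGIONS = [
    {"process": "svchost.exe", "base": 0x7FFA10000000, "type": "MEM_IMAGE",
     "protect": "PAGE_EXECUTE_READ",
     "mapped_file": r"C:\Windows\System32\kernel32.dll", "head": b"MZ\x90\x00"},
    {"process": "svchost.exe", "base": 0x1F0000, "type": "MEM_PRIVATE",
     "protect": "PAGE_EXECUTE_READWRITE", "mapped_file": None,
     "head": b"MZ\x90\x00"},
    {"process": "browser.exe", "base": 0x2A0000, "type": "MEM_PRIVATE",
     "protect": "PAGE_EXECUTE_READ", "mapped_file": None,
     "head": b"\x48\x89\x5c\x24"},
    {"process": "svchost.exe", "base": 0x300000, "type": "MEM_PRIVATE",
     "protect": "PAGE_READWRITE", "mapped_file": None, "head": b"MZ\x90\x00"},
]

if __name__ == "__main__":
    for process, base, verdict in scan(SAMPLE_REGIONS):
        print(f"{verdict:15} {process:12} 0x{base:x}")
```

The lower-confidence `non-image-exec` verdict also matches legitimate JIT compilers, so it is best treated as a lead to correlate with other signals rather than an alert on its own.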
