Cyber Security firm Cyberbit revealed in a blog post that its software uncovered a large cryptocurrency mining infection in a European international airport.

More than half of the unnamed airport’s workstations were infected with mining malware that managed to evade detection from anti-virus (AV) software until the roll-out of the new Endpoint Detection and Response (EDR) security software from Cyberbit.

The firm’s software collects endpoint activity, which is then analyzed by a set of behavioral algorithms. This process detected suspicious use of the PAExec tool, which was used to launch the malicious bitcoin miner.

Limited Business Impact

Cyberbit stressed that a cryptominer would cause little business impact to the airport further than some performance degradation, occasional service interruptions to the network and a significant increase in power consumption. 

It certainly wouldn’t have endangered lives if it remained undetected – and it would likely have remained undetected if the airport had continued to rely on anti-virus software alone, the company said. In conclusion the blog post suggested:

We advise corporate customers not to rely on AV alone. To reach an optimal combination of prevention and detection, we strongly suggest complementing AV with EDR.


Featured Image Credit: Photo via