Security firm Trusteer says it has uncovered malware on an airport computer system. It’s unclear if the motives behind the attack were for money or more nefarious reasons, and Trusteer won’t say which airport was attacked.
The attack used Citadel Trojan malware—which computer users can unknowingly install simply by clicking on a Web link—to read the screens of employees who logged in remotely to the airport’s virtual private network (VPN). It also allowed the cybercriminals to capture the username, password, and one-time passcode of the victims with a form-grabbing technology, according to Trusteer. With the employee’s credentials in hand, the hackers would have unlimited access to the airport computer system’s software to the extent the worker’s account would allow.
Trustee says VPN access was immediately cut off after the breach was discovered.