Chris Doman, a cybersecurity researcher at AlienVault, a U.S.-based security firm, has discovered malware that mines cryptocurrency on foreign computers and deposits the earnings in a North Korean university’s wallet in Pyongyang.
Malware links to North Korea
As North Korea faces tougher United Nations sanctions, it is looking for alternative income sources. North Korean hackers are targeting computers around the world to mine virtual currencies.
“Crypto-currencies may provide a financial lifeline to a country hit hard by sanctions, and as a result universities in Pyongyang have shown a clear interest in cryptocurrencies.”
The cybersecurity researcher has been unable to determine how much Monero has been mined or extracted. Additionally, Doman says it is difficult to estimate how many systems have been attacked by the malware. He found the malware in a directory of viruses collected by VirusTotal, a subsidiary of Google.
The report points out that the Monero miner installs itself in a Microsoft Windows operating system folder. The file is named “intelservice.exe,” so that it can be mistaken for an Intel Corporation file. “There is some type of subterfuge going on,” said Doman.
The illegally mined crypto funds trickle to a Kim Il Sung University server. To withdraw the funds, the hacker enters the three-letter password “KJU,” which could refer to Kim Jong Un, the North Korean leader. However, the server used in the code may be a decoy meant to give the impression of North Korean influence and trick observers, and the university is open to many international students.
“Monero doesn’t condone secretive malware that, unknown to the computer user, mines Monero. Further, no currency, digital or fiat, is immune to criminal malfeasance. Unfortunately, since the invention of the internet, viruses, and trojans that hijack computing resources for evil have existed,” said the Monero community.
According to the report, the new malware attack is the work of an amateur and not of a spin-off of the Lazarus Group. Lazarus Group is North Korea’s finest hacking organization. In the past, Andariel, a unit of Lazarus, hacked a server of a South Korean company to mine Monero. At the time, Monero was the most convenient digital vehicle for criminals to hide stolen money. The attack earned the hacking organization 70 Monero coins, currently worth $29,000.
More on Monero
Monero Lead Maintainer Riccardo Spagni told International Business Times,
“No matter where you are from, how much money you have, or what you choose to spend it on, the technologies employed by Monero protect your right to financial privacy. Monero is an open source, decentralized, privacy-focused cryptocurrency that exists for this sole purpose. We strongly believe the positive benefits of privacy oriented technologies like Monero far outweigh the negative.”
Moreover, transactions using Monero cannot be traced, maintaining the complete anonymity of the sender and receiver.
Additionally, mining bitcoin is getting costlier due to the legacy chain’s increasing complexity. Criminals therefore prefer mining Monero, as it can be more beneficial, especially when the miner runs on other people’s computers at no cost. This makes it the best choice of income source for cybercriminals.