Monero-Mining Malware Linked to North Korean University

Analysts for cybersecurity firm AlienVault have identified new malware which mines Monero and transfers it to a server in Kim Il Sung University, Pyongyang, North Korea.

The malware was created on December 24th and infects host computers without their users’ knowledge. In a statement, AlienVault said that cryptocurrencies like Monero “may provide a financial lifeline to a country hit hard by sanctions, and as a result universities in Pyongyang have shown a clear interest”.

Cryptocurrencies are seen by the North Korean regime as a way around the strict sanctions imposed by the international community over its nuclear testing program. Mun Chong-hyun, chief analyst for ESTsecurity, elaborated that under sanctions, “cryptocurrencies are currently the best way to earn foreign currency in North Korea”, adding that they are “hard to trace and can be laundered several times”.

Indeed, several countries are currently exploring cryptocurrencies for just this reason.

Russia and Venezuela have proposed launching their own, while North Korea has been blamed for crypto-raising cybercrime. South Korean authorities pointed the finger at their neighbours for the recent Youbit hack which forced the permanent closure of the exchange.  

As previously reported, criminals are moving away from Bitcoin and towards less traceable alternatives like Zcash and Monero. Monero is much easier to mine, so software can hijack computers and devices without the user realising.

AlienVault were careful to note that there is no conclusive proof that North Korean authorities, or even North Korean citizens, were involved. One of the encoded destination servers is not connected to the internet, so it may be that the software has been created to look as though it has North Korean involvement. The university also hosts lecturers and students from overseas, who could have been responsible.
