North Korean malware found that mines cryptocurrency, experts say

A cybersecurity researcher has found malware that mines a type of cryptocurrency and routes the bounty to a North Korean university, showing how hackers in North Korea are targeting new assets as sanctions force Pyongyang to pursue alternative income streams.

The malware — deployed on Christmas Eve — instructs an infected computer to mine for Monero, a bitcoin alternative, according to a report released Monday by AlienVault, a U.S. cybersecurity firm. Monero describes itself on its website as a “secure, private and untraceable” form of cryptocurrency where users’ accounts and transactions are shielded from “prying eyes.”

The unearthed funds then automatically flow to a server domain at Kim Il Sung University where to access the funds the hacker would enter a three-letter password: KJU, a likely reference to North Korean leader Kim Jong Un.

It is unclear where the virus was planted or how much Monero was extracted, said Chris Doman, an AlienVault threat engineer who identified the malware from a database of computer viruses amassed by VirusTotal, a subsidiary of Alphabet Inc.’s Google. Because only large organizations automatically upload lots of files to VirusTotal, the malware was likely spotted at a big company, Doman said, though he is unable to determine how many computers were affected — or if the attack continues.

https://www.marketwatch.com/story/north-korean-malware-found-that-mines-cryptocurrency-experts-say-2018-01-08