North Korea is earning bitcoin alternative monero by hijacking computers, researchers suggest

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

New software designed to make computers mine an alternative to bitcoin and send it to a university in North Korea has been discovered by security researchers.

The finding appears to support suggestions that North Korean actors are increasingly targeting computers in order to raise funds under strict economic sanctions.

A North Korean hacking group called Andariel secretly took over a server at a South Korean company and used it to mine around 70 monero last year, a hacking team said this month.

Experts have traced several similar attacks to North Korea over the course of 2017.

Since May, North Korean actors have targeted at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds, cybersecurity firm FireEye said in September.

It’s believed that North Korean actors will continue carrying them out in order to fund its nuclear and missile programmes.

The installer was spotted by cyber security firm AlienVault, which says it was created on 24 December.

“Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions,” the company said.

“Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies.

“The Installer ... may be the most recent product of their endeavours.”

It is designed to use host computers to mine a cryptocurrency called monero, and then send any coins to Kim Il Sung University in Pyongyang, according to AlienVault.

However, it isn’t yet clear how the software is actually being used.

“It’s not clear if we’re looking at an early test of an attack, or part of a ‘legitimate’ mining operation where the owners of the hardware are aware of the mining,” AlienVault says.

It adds that a North Korean server used in the code does not appear to be connected to the wider internet, which could mean its inclusion could be ”a prank to trick security researchers”.

Cryptocurrency watchers say technical details of Monero make it more appealing than bitcoin to those who value secrecy.

Monero funds go to an unlinkable, one-time address generated with random numbers every time a payment is issued.

That makes it less traceable than bitcoin, where transactions can be linked to specific, albeit anonymous, private addresses, cybersecurity experts said.

Additional reporting by Reuters.