Cybersecurity company AlienVault has discovered an application that secretly installs Monero mining scripts on vulnerable machines and then uses the affected computers to send the mined coins to a university in North Korea.
If that sounds like a sci-fi plot to you, then you are not to be blamed.
However, it is true, and it has been making the rounds through different news outlets, all of which conclude that this might not, in fact, be a prank by the creators of the application. North Korea could actually be involved, given similar earlier instances that have been just as odd, sneaky, and threatening.
Similar situations from the past
Two separate North Korean groups were previously linked to two different incidents.
One of them, Bluenoroff, had mined Monero on compromised machines at a bank.
The second group, Andariel, had also mined Monero on the compromised network of a South Korean corporation (these instances were mentioned in AlienVault’s detailed report as well).
Why Monero and what does the currency do?
Monero, one of the top 15 cryptocurrencies, has transactions that are not linkable. Each transaction also uses a randomly generated address. This makes Monero untraceable compared with its counterparts and, as a result, lucrative for hackers.
It is being reported that the application was created on December 24.
The university that it sends the mined Monero to is named Kim Il Sung University, in Pyongyang, North Korea.
According to multiple news sources, no representatives from Kim Il Sung University were available to comment on the situation. However, it should be noted that the university is not home only to North Korean individuals; it also opens its doors to international students.
As per AlienVault’s investigation into the application, the company does not rule out that the part about the university server was added deliberately by the application’s creators to “trick” security teams into thinking that the attack came from North Korea.
That being said, AlienVault also does not hesitate to conclude that a country hit by sanctions could benefit considerably from cryptocurrency. The security firm also pointed out that students at a Pyongyang university were provided with a crash course on Bitcoin and cryptocurrencies, raising concerns about why the country needed to give its university-level students crash courses on the topic.
South Korean exchange attacks come to mind
This is not the first time that a company like AlienVault has found evidence linking cybercrimes back to North Korea.
Last year, another firm, FireEye, shared its analysis of multiple South Korean exchanges being attacked from North Korea. It further mentioned how the country aimed to use Bitcoin to avoid the sanctions currently imposed on it.
It should be noted that South Korean cryptocurrency exchanges have been under cyberattack for the past few months. With the country being home to some of the most active exchanges in the world, this is a significant cause for concern for all stakeholders.