The code for a new Monero mining bot has been found to direct its ill-gotten gains to a computer server located at the first academic institute ever built in North Korea, Kim Il-sung University.

Malware University, North Korea

Cyber security solutions developer Alienvault revealed on Monday that its labs recently analyzed an application compiled on Christmas Eve 2017 – an installer for software that mines monero. While such malware is common these days, what’s new here is that the researchers say they found that the mined cryptocurrency is sent to Kim Il Sung University in Pyongyang, North Korea.

The report says that: “Cryptocurrencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies. Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on cryptocurrencies. The Installer we’ve analyzed above may be the most recent product of their endeavors.”

The Usual Suspects

Monero has been the subject of a mainstream media smear campaign lately, with many publications around the world repeating the line that criminals are abandoning bitcoin and switching to this “new” cryptocurrency. North Korea also has been marked as a hackers’ nation, responsible for most cyber attacks on Western targets.

While both counts are likely to be true, skeptics may wonder whether the demonization of North Korea is all part of a psy-op to gain public approval for some sort of strike (cyber, financial or otherwise) against the isolated country. Even the Alienvault team admits in its report that the code pointing to Kim Il-sung University doesn’t prove that the university is the source of the software, recognizing the possibility that the “usage of a North Korean server is a prank to trick security researchers.”
