A computer virus that exploits the same vulnerability as the global “ransomware” attack has latched on to more than 200,000 computers and begun manufacturing digital currency, experts said Tuesday.
The development adds to the dangers exposed by the WannaCry ransomware and provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the U.S. National Security Agency, has infected more than 300,000 computers since Friday, locking up their data and demanding a ransom payment to release it.
Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines in late April or early May but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.
Proofpoint executive Ryan Kalember said the authors may have earned more than $1 million, far more than has been generated by the WannaCry attack.
Like WannaCry, the program attacks via a flaw in Microsoft Corp’s Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.
Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex math problems. Digital “miners” run specially configured computers to solve the problems and generate currency, whose value ultimate fluctuates according to market demand.
Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather it targeted a newer digital currency, called Monero, that experts say has been pursued recently by North Korean-linked hackers.
North Korea has attracted attention in the WannaCry case for a number of reasons, including the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea.
Security researchers and U.S. intelligence officials have cautioned that such evidence is not conclusive, and the investigation is in its early stages.
In early April, security firm Kaspersky Lab said that a wing of Lazarus devoted to financial gain had installed software to mine Monero on a server in Europe.
A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining.
Kalember said he believes the similarities in the European case, WannaCry and the miner were “more than coincidence.”
“It’s a really strong overlap,” he said. “It’s not like you see Monero miners all over the world.”
The North Korean mission to the United Nations could not be reached for comment, while the FBI declined to comment.
(Fixes spelling of digital currency in paragraphs 11 and 14 to Monero not Moreno.)
(Reporting by Joseph Menn; Editing by Jonathan Weber and Cynthia Osterman)
Seth Meyers mocks Devin Nunes saying Dems wanted to find nude photos of Trump: ‘Literally no one wants that’
"Late Night" host Seth Meyers ridiculed Rep. Devin Nunes (R-CA) for his absurd line of questioning that accused Democrats of the impeachment is the same as the Russia scandal.
Nunes said that Democrats want the world to forget about their efforts to obtain nude photos of Trump, something Meyers countered with actual sense.
"Hey man, I guarantee you no one wants nude pictures of Donald Trump," Meyers said. "I'm not crazy about clothed pictures of Donald Trump. Also, I have to believe that if there were nude pictures of Donald Trump, the first person to show them would be Donald Trump. He'd probably hold a press conference with a giant poster board."
House Republicans have 3 key defenses of Trump’s Ukraine extortion campaign — and they’re all terrible
To any halfway objective observer, the first day of public hearings in House Democrats’ impeachment inquiry, which are ongoing as of this writing, have not gone well for Trump’s defenders.
Bill Taylor, the top US ambassador in Kyiv, and veteran State Department official George Kent came off as principled and non-partisan as they delivered damning testimony about the Trump regime’s multifaceted campaign to coerce the Ukrainian government to announce an investigation into fringe right-wing conspiracy theories designed to deflect blame for interfering in the 2016 election from Russia and onto Ukraine.
Progressives hilariously ridicule Donald Trump Jr.’s new book with their own Trump triggers #TriggerDonaldTrumpJr
President Donald Trump's eldest child and namesake has published a book about liberals he says are "triggered" by conservatives. Ironically, it seems Donald Trump Jr. is the one who seems to be triggered by the reception he's getting from some on his book tour.
The hashtag, #TriggerDonaldTrumpJr has nothing to do with Jr's new book, rather it's progressives using his book title to mock the Trump child. Internet users were torn between mocking the young Trump for desperately trying to get his father's attention, scrambling to seem relevant, trying to launch his own political career, trying to make his own money and so much more.