Monero mining – AlienVault Labs has recently released a report to confirm the allegations made in North Korea that a virus was manipulated at the end of December; it is said to facilitate Monero mining from its victims, with the Monero sent to a university in Pyongyang.
The virus “xmrig” has been in a shaky market since the Christmas holiday last year. According to AlienVault’s report, “xmrig” hijacked servers to mine Monero, and this is enough evidence of the latest Seoul hijackings.
The report stated:
“The installer copies a file named intelservice.exe to the system. The filename intelservice.exe is often associated with cryptocurrency mining malware. Based on the arguments it’s executed with, it’s likely a piece of software called xmrig.”
In analyzing the code, the report states that the DNS address “barjouk.ryongnamsan.edu.kp” does not resolve to a genuine IP address.
From the application’s code, it is hard to say whether the software was intended to use Kim Il Sung University’s resources to mine Monero or was a test-suite simulated attack.
This is another attack after the WannaCry ransomware attack. However, the latest is suspected to be due to either:
- Unfinished work delivered prematurely, or
- The consequence of sloppy coding
The report published by AlienVault is concrete proof of these accusations. But where exactly this malware comes from remains a riddle. We are at least sure that the malware tries to send Monero mined from its victims to Kim Il Sung University’s server.