A Windows computer virus built using vulnerabilities first discovered by the NSA and stolen by hackers from the agency took the world by storm on Friday. WannaCry infected more than 300,000 computers with ransomware, and the malware’s most dangerous feature wasn’t even the fact that it encrypted the user’s personal files asking for ransom in Bitcoin. The virus was able to propagate to other computers without any interaction from a user, which explains why it was so viral before a researcher stumbled upon an unexpected fix.
It turns out that a virus similar in nature to WannaCry has been infecting computers for a few weeks now, turning them into miners of digital currency. That virus reportedly generated more than $1 million in revenue, going undetected until now.
The WannaCry attacks generated some $50,000 in Bitcoin ransom payments according to reports earlier this week, and the virus may linger in computer systems for quite a while.
But researchers at security firm Proofpoint said that a related attack that exploits the same vulnerability that powered WannaCry has turned more than 200,000 computers into digital currency miners.
According to a Reuters report, the attack installs a miner on PCs, a program that generates digital cash. The virus began infecting machines in late April or early May and was not discovered because it did its job silently. The computers would operate normally, but the miner would also run in the background.
The hacked computers would mine the digital currency Monero. In early April, the Lazarus hacker group installed software on a server in Europe to mine the exact same currency.
Reuters says this link seems to suggest the same North Korean hacker group is behind both attacks. But there’s no substantial proof to link them at this point, so it could be a coincidence.
Whatever the case, this second attack, which went unnoticed for weeks, proves the high degree of sophistication of such programs, which were first developed by the NSA and which allow an attacker to easily install and propagate malicious software on computer networks.