SAN FRANCISCO • A computer virus that exploits the same vulnerability as the global ransomware attack has latched onto more than 200,000 computers and begun manufacturing digital currency, according to experts.
The development adds to the dangers exposed by the WannaCry ransomware and provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the United States National Security Agency, has infected over 300,000 computers since last Friday, locking up their data and demanding a ransom payment to release it.
Researchers at security firm Proofpoint said the related attack, which installs a currency "miner" that generates digital cash, began infecting machines late last month or early this month, but had not been previously discovered as it allows computers to operate while creating digital cash in the background.
Proofpoint executive Ryan Kalember said the authors may have earned over US$1 million (S$1.4 million), far more than has been generated by the WannaCry attack.
Like WannaCry, the program attacks via a flaw in Microsoft's Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.
Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex maths problems. Digital "miners" run specially configured computers to solve the problems and generate currency, whose ultimate value fluctuates according to market demand.
Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather, it targeted a newer digital currency called Monero, which experts say has been pursued recently by North Korea-linked hackers.