A U.S.-based cybersecurity firm has uncovered malware apparently being used to mine the Monero cryptocurrency and send it to a university in North Korea.

Cyber firm AlienVault released analysis of the malware on Monday, saying that it installs software on victim computers that instructs them to perform complex computational tasks to “mine” Monero. The mined currency is then sent to a server located at Kim II Sung University in Pyongyang.

The revelation could point to an effort by those in North Korea to find an alternative stream of revenue as the country finds its economy squeezed by international sanctions imposed over its nuclear and ballistic missile program.“Crypto-currencies could provide a financial lifeline to a country hit hard by sanctions. Therefore it’s not surprising that universities in North Korea have shown a clear interest in cryptocurrencies,” AlienVault said Monday.

“Recently the Pyongyang University of Science and Technology invited foreign experts to lecture on crypto-currencies. The Installer we’ve analysed above may be the most recent product of their endeavours,” the California-based computer security firm continued.

AlienVault noted, however, that the server in question is not connected to the wider Internet and may be set up to
“trick” security researchers into believing that the profits are being sent to North Korea.

Despite Pyongyang’s isolation from the global stage, the university does host some international students and professors, meaning that the malware’s author may not necessarily be North Korean.

Digital currencies like Monero have risen in popularity in recent years, particularly among cyber criminals looking to hide their tracks. Monero claims to be “untraceable,” making it a popular payment choice for malware operators and other cybercriminals.

Monero and other types of virtual currencies have emerged as an alternative to the increasingly popular Bitcoin, which has gained massive attention as its value skyrocketed in recent weeks — causing it to catch the attention of regulators.

This is not the first sign of North Korean actors turning to cryptocurrencies as a source of cash. Cyber firm FireEye released analysis in September saying that North Korean hackers had been targeting South Korean cryptocurrency exchanges throughout 2017.