Malware based on NSA exploit hijacks computers to mine for cryptocurrency
A new form of malware, based on exploits developed by the National Security Agency that were exposed in April, is running wild, but with a twist: it hijacks computers to use their processing power to mine a cryptocurrency called Monero.
The Trojan.BtcMine.1259 malware uses DoublePulsar, an NSA backdoor trojan that exploits unsecured Server Message Block (SMB) protocols, to install a cryptominer on the infected computer. Once up and running, the malware uses the processing power of the infected personal computer to mine Monero, an alternative to bitcoin that launched in April 2014 and currently has a market capitalization of $695 million, making it the 10th most popular cryptocurrency online, according to Coin Market Cap.
The malware includes both 32-bit and 64-bit binaries so that it can take full advantage of the processing hardware of a victim’s PC. A security alert reported by HotHardware noted that the malware’s configuration “indicates how many of the processor’s kernels and computing resources will be used for cryptocurrency mining, the intervals with which the miner will automatically restart, and other parameters. The Trojan tracks running processes on the infected computer and shuts itself down when an attempt is made to launch the Task Manager.”
Not surprisingly, the exploits used by the new form of malware are related to the much-publicized WannaCry ransomware, which closed down a Honda plant on Monday and infected speeding and red light cameras in Victoria, Australia. The good news is that, unlike WannaCry, the DoublePulsar-based malware does not demand a ransom payment. But for those not on unlimited Internet plans, the data it pumps through while mining Monero may end up costing far more.
As always, the advice is to practice safe Internet: Do not click on attachments from unknown sources and make sure you have up-to-date antivirus software installed.