Many computers and servers around the world whose owners believed they were operating slowly because of the WannaCry ransomware attack, were actually victims of another insidious hack, according to the security company Proofpoint. It says the computers were infected with malware called Adylkuzz which turned them into an unwitting army of computer “miners” working to create and funnel large sums of digital currency, likely destined for dark web markets.

The California-based security company says this malware took advantage of the same National Security Agency-developed tools that drove Friday’s unprecedented WannaCry ransomware attack, possibly causing more damage.

WannaCry leveraged exploits stolen from the NSA to lock the computer systems of hundreds of thousands of companies, ranging from hospitals to car manufacturers, and hold their data for ransom. Adylkuzz uses the same exploits to install malware on computers, but instead of locking them, it operates in the background, stealing computer power (and slowing the device) while “mining” for the virtual currency Monero.

Ryan Kalember, the senior vice president of cybersecurity strategy at Proofpoint, said many people impacted by Adylkuzz may not notice the toll it’s taking on their computers immediately. Virtual currencies, such as Bitcoin, the most well-known are “mined” by computers and servers, typically with the owner’s knowledge. In this case, computers around the world are being forced to “mine” for Monero, which is most known for its ability to protect anonymity. Monero is the currency of choice on AlphaBay, a dark web market trafficking in drugs, stolen credit card information and other illicit goods.

“It’s throwing massive computational power at it, so it’s using those computers to create hundreds of thousands, if not millions of dollars worth of dark web currency,” Kalember said. “They’re basically making a bunch of dark money for some very bad people.”

Kalember said Proofpoint has identified 20 servers around the world that are “essentially hunting for vulnerable computers to do the mining.”

Riccardo Spagni, who is a member of Monero’s Core Team, which oversees ongoing development, maintenance, and research for the project, said the makers of the currency can’t stop Adylkuzz.