
Hidden Bee

Trojan cryptocurrency miners are usually very basic in terms of their features and the methods used to propagate them. However, some hacking groups use very advanced methods to ensure that their Trojan miners have a broad reach and can keep working on compromised systems for a long time with minimal chances of being detected. One example of an advanced Trojan miner is Hidden Bee, the product of Chinese crooks who appear to target systems located in Asia.

One of the earliest campaigns aimed at spreading the Hidden Bee miner relied on corrupted advertisements that users might see while browsing websites linked to the distribution of adult content. The websites in question were popular in Asia, which is why researchers believe that this is the primary demographic targeted by Hidden Bee's operators. The corrupted advertisements contained a hidden iFrame that loaded an external file, which attempted to exploit vulnerabilities in Internet Explorer and Adobe Flash Player. Successful exploitation of these vulnerabilities would allow the attacker to download a payload to the targeted host and then launch it to set up the Hidden Bee miner.

Naturally, the miner is meant to operate as silently as possible, and it will not attract any attention unless the user notices that an unknown program is using a significant portion of the available CPU resources. The Hidden Bee miner is known to hide its running components inside valid system processes like 'svchost.exe', 'dllhost.exe', 'msdtc.exe' and 'WmiPrvSE.exe'.
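The symptom described above (heavy CPU use attributed to one of those four system processes) can be checked over periodic process samples. The following is an added example, not code from the original article; the 40% threshold, the three-sample window and the sample data are assumptions chosen for illustration.

```python
from collections import defaultdict

# Process names the article lists as hosts for Hidden Bee components.
WATCHED = {"svchost.exe", "dllhost.exe", "msdtc.exe", "wmiprvse.exe"}

# Assumed tuning values (not from the article).
CPU_THRESHOLD = 40.0   # percent of total CPU in one sample
MIN_CONSECUTIVE = 3    # consecutive samples at or above the threshold

def longest_run(values, threshold):
    """Length of the longest streak of values at or above threshold."""
    best = run = 0
    for v in values:
        run = run + 1 if v >= threshold else 0
        best = max(best, run)
    return best

def find_sustained_cpu(samples, threshold=CPU_THRESHOLD, min_run=MIN_CONSECUTIVE):
    """samples: iterable of (timestamp, pid, image_name, cpu_percent).
    Returns sorted (pid, image_name, streak) for watched processes whose
    CPU stayed at or above threshold for at least min_run samples in a row."""
    series = defaultdict(list)
    for ts, pid, name, cpu in sorted(samples):   # order by timestamp
        if name.lower() in WATCHED:
            series[(pid, name)].append(cpu)
    hits = []
    for (pid, name), cpus in series.items():
        streak = longest_run(cpus, threshold)
        if streak >= min_run:
            hits.append((pid, name, streak))
    return sorted(hits)

# Constructed sample data: (seconds, pid, image name, CPU %), one row per poll.
SAMPLES = [
    (0, 812, "svchost.exe", 1.5), (0, 1500, "WmiPrvSE.exe", 45.0), (0, 2044, "dllhost.exe", 62.0), (0, 3100, "chrome.exe", 90.0),
    (30, 812, "svchost.exe", 55.0), (30, 1500, "WmiPrvSE.exe", 10.0), (30, 2044, "dllhost.exe", 71.0), (30, 3100, "chrome.exe", 88.0),
    (60, 812, "svchost.exe", 2.0), (60, 1500, "WmiPrvSE.exe", 48.0), (60, 2044, "dllhost.exe", 68.0), (60, 3100, "chrome.exe", 91.0),
    (90, 812, "svchost.exe", 1.0), (90, 1500, "WmiPrvSE.exe", 50.0), (90, 2044, "dllhost.exe", 70.0), (90, 3100, "chrome.exe", 89.0),
]

if __name__ == "__main__":
    for pid, name, streak in find_sustained_cpu(SAMPLES):
        print(f"review pid {pid} ({name}): {streak} consecutive samples above threshold")
```

A hit is a prompt for review rather than a verdict, since these processes can also be busy for legitimate reasons such as Windows Update or WMI queries.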

The purpose of the Hidden Bee miner is to mine for various cryptocurrencies. All mined coins are transferred to the private wallets of the attackers, giving them 100% pure profit, since they are using the hardware of unsuspecting users to execute the mining operation. It is strongly recommended to run an anti-virus scanner if you suspect that an unknown piece of software might be using a larger portion of your hardware resources.



This post first appeared on SpywareRemove; please read the original post: here
