Hidden Bee Cryptocurrency Miner

Threat ID: CC-3081
Category: Miner
Threat Severity: Low
Threat Vector: Exploit kit
Published: 4 June 2019 12:00 AM

Summary

First observed in early 2019, Hidden Bee is a complex Lua-based cryptocurrency miner.

Affected platforms

The following platforms are known to be affected:

Threat details

To date, Hidden Bee has only been observed being delivered by the Underminer exploit kit (which has itself been mistakenly identified as Hidden Bee) in spam campaigns or drive-by-download attacks.

Once installed, Hidden Bee uses an included bootkit to escalate its privileges and disguise itself, before deploying a mining module.

For further information:

Remediation steps

To prevent and detect an infection, ensure that:

  • A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
  • All operating systems, anti-virus and other security products are kept up-to-date.
  • Regular anti-virus and security scans are performed on your organisation’s estate.
  • All day-to-day computer activities such as email and internet are performed using non-administrative accounts.
  • Strong password policies are in place.
  • Network, proxy and firewall logs are monitored for suspicious activity.
  • User accounts accessed from affected devices are reset on a clean computer.
  • Your organisation adopts a holistic all-round approach to Cyber Security as advocated by the 10 Steps to Cyber Security.

CVE Vulnerabilities

Last edited: 14 February 2020 2:47 pm