Hidden Bee was developed as a web browser hijacker in late 2017. By mid-2018, new malware samples included a crypto-miner module within unique file formats. The low detection rate led to over 500,000 infected systems in the Asia-Pacific region. The malware authors developed several unique file formats and filesystems, with a focus on dynamically loaded malware modules, which makes the malware difficult to analyze with established toolkits.
Execution of the Hidden Bee malware exploit kit page
Indicators of Compromise
Malware Hash (MD5/SHA1/SHA256)