Underminer was first seen in 2017, targeting Asian countries. It first deployed bootkits and, at a later stage, a bitcoin miner. A bootkit is malware loaded during the boot process: it controls the startup of the operating system and modifies the system before security components load, which gives it persistence on the OS. At the time, this exploit kit spread through malicious advertising and the exploitation of browser vulnerabilities. One of the miners distributed by this exploit kit was "Hidden Bee," a Chinese miner that operates secretly.