Procolored Printer Manufacturer Implicated in Malware Distribution
In a disturbing revelation, Procolored, a printer manufacturer based in Shenzhen, has been implicated in distributing malware designed to steal Bitcoin alongside its official printer drivers. According to sources cited by Landian News on May 19, the company reportedly used compromised USB drives to carry malware-laced software, which was subsequently uploaded to cloud storage for users worldwide to download. Reports indicate that this malicious software has been responsible for the theft of approximately 9.3 Bitcoin, valued at around $953,000.
Functionality of the Malware
Crypto tracking firm SlowMist provided insights into the malware’s function, stating that the official drivers included a backdoor virus that manipulates the user's clipboard. Specifically, it hijacks wallet addresses that users copy, replacing them with an address controlled by the malware creator.
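A defender-side sketch of the behaviour described above, added here as an example and not taken from the firms' analyses: it scans a log of clipboard snapshots for a Bitcoin address that is replaced by a different address within a short interval. The snapshot format, the one-second threshold and the function names are assumptions, and the timeline is constructed from publicly documented example addresses.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_RE = re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$")  # shape only, no checksum

def is_base58check(s):
    """True if s is a 25-byte Base58Check string (legacy P2PKH/P2SH address)."""
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return raw[-4:] == check

def looks_like_btc_address(text):
    t = text.strip()
    return is_base58check(t) or bool(BECH32_RE.match(t))

def find_swaps(snapshots, max_gap=1.0):
    """snapshots: (time_seconds, clipboard_text) pairs, oldest first.
    Returns (time, old, new) where one address replaced another within max_gap."""
    hits = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        if (old.strip() != new.strip() and t1 - t0 <= max_gap
                and looks_like_btc_address(old) and looks_like_btc_address(new)):
            hits.append((t1, old.strip(), new.strip()))
    return hits

# Constructed timeline; both addresses are public documentation examples,
# not indicators from this incident.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
BECH = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"
TIMELINE = [
    (0.0, "invoice #4411"),
    (12.0, GENESIS),   # user copies the payee address
    (12.2, BECH),      # rewritten 0.2 s later: flagged
    (40.0, "hello"),
    (55.0, GENESIS),
    (300.0, BECH),     # user copied another address minutes later: not flagged
]

if __name__ == "__main__":
    for when, old, new in find_swaps(TIMELINE):
        print(f"t={when}s clipboard address changed: {old} -> {new}")
```

The time threshold is a heuristic: a person who copies two addresses in quick succession would also trip it, so a hit is a reason to compare the pasted address with the intended one, not proof of infection.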
Recommendations for Users
In light of these developments, tech experts recommend that anyone who has downloaded Procolored drivers in the last six months should conduct a comprehensive system scan using antivirus tools. However, they emphasize that reinstalling the operating system may be the safest route, especially for those who suspect infection.
The Discovery of the Malware
The malware issue first came to light when YouTuber Cameron Coward’s antivirus software flagged suspicious activity while he was testing a Procolored UV printer. The software identified the presence of malware, specifically a worm and a trojan labeled Floxif. Following this, Coward sought help on Reddit, which drew the attention of cybersecurity experts and led to an investigation by the firm G-Data.
Analysis by G-Data
G-Data’s analysis revealed that a significant number of Procolored’s driver files were stored on the MEGA file hosting service, with some uploads dating back to October 2023. Their examination confirmed the presence of two types of malware: the backdoor Win32.Backdoor.XRedRAT.A and a crypto-stealing program designed to substitute clipboard content.
Procolored’s Response
When approached for comment, Procolored refuted the allegations, claiming that the malware alerts were false positives from antivirus software. The company stated that they had removed the infected drivers from their storage on May 8 and asserted that the malware resulted from a supply chain security breach, with contaminated USB devices being blamed for the intrusion.
Conclusion
This incident raises serious concerns about the safety and integrity of software distributions in the tech industry, highlighting the need for rigorous security practices and transparency from hardware manufacturers.