The Chinese printer manufacturer Procolored was distributing bitcoin-stealing malware alongside its official drivers, the local news outlet Landian News reported.
The company spread trojanized drivers on USB drives and also uploaded the compromised software to cloud storage for download worldwide. In total, 9.3 BTC, worth over $953,000, has already been stolen.
The official driver shipped with the printer contains a backdoor program that intercepts the user's wallet address in the clipboard and replaces it with the attacker's address, wrote experts from SlowMist, a company that tracks cryptocurrencies and provides regulatory-compliance services.
Landian News recommended that users who downloaded drivers for the Procolored printer in the last six months 'immediately perform a full system scan with antivirus software.' If there is any doubt about data security, experts advise performing a complete system reboot.
The problem was first reported by YouTuber Cameron Coward, whose antivirus program detected malware in the drivers while he was testing a Procolored UV printer. The program flagged the USB drive as containing a worm and a trojan named Floxif.
When Coward asked for an explanation, Procolored denied the accusations and dismissed the antivirus detection as a false positive. The blogger then shared the issue with cybersecurity professionals.
The investigation was conducted by experts from G DATA. They found that most Procolored drivers were hosted on the MEGA file-hosting service, with the uploads dating back to October 2023. Analysis of these files confirmed that they were infected with two different malware families: the Win32.Backdoor.XRedRAT.A backdoor and a clipboard hijacker (a so-called clipper) that swaps wallet addresses copied to the clipboard for addresses controlled by the attacker.
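The clipboard-swap behaviour described above is the one thing on a victim's machine that is observable from user space without any malware signature: the address a user copied is silently replaced, within milliseconds, by a different but equally valid-looking address. The script below is an added example written for this article, not code from G DATA, SlowMist or Procolored. It validates Bitcoin addresses (Base58Check for legacy addresses, the BIP173 bech32 checksum for segwit addresses) and then scans a constructed clipboard history for a valid address being replaced by a different valid address faster than a human would do it. The clipboard events and the two-second window are assumptions for illustration; the addresses are well-known public test addresses (the genesis-block address and the BIP173 example), not wallets tied to this incident.

```python
import hashlib

# Constructed sample clipboard history: (seconds since start, clipboard text).
# The 300 ms gap between the two addresses is the clipper's tell.
CLIPBOARD_EVENTS = [
    (0.0, "invoice #1042"),
    (5.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),           # user copies the intended address
    (5.3, "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),   # replaced 300 ms later, no user action
    (30.0, "meeting notes"),
]

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def b58decode_check(s):
    """Decode a Base58Check string; return the payload (without checksum) or None."""
    n = 0
    for ch in s:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(s) - len(s.lstrip("1"))          # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + raw
    if len(raw) < 5:
        return None
    payload, checksum = raw[:-4], raw[-4:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def bech32_polymod(values):
    """BIP173 checksum polynomial."""
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        b = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (b >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_verify(addr):
    """True if addr is a mainnet ('bc') bech32 or bech32m string with a valid checksum."""
    if addr != addr.lower() and addr != addr.upper():   # mixed case is forbidden
        return False
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in BECH32_CHARSET for c in data):
        return False
    values = [BECH32_CHARSET.find(c) for c in data]
    const = bech32_polymod(bech32_hrp_expand(hrp) + values)
    return hrp == "bc" and const in (1, 0x2BC830A3)     # bech32 / bech32m constants


def bech32_hrp_expand(hrp):
    return [ord(x) >> 5 for x in hrp] + [0] + [ord(x) & 31 for x in hrp]


def classify_btc_address(text):
    """Return 'p2pkh', 'p2sh', 'bech32', or None if text is not a valid mainnet address."""
    text = text.strip()
    if text.lower().startswith("bc1"):
        return "bech32" if bech32_verify(text) else None
    if 26 <= len(text) <= 35:
        payload = b58decode_check(text)
        if payload is not None and len(payload) == 21:
            return {0x00: "p2pkh", 0x05: "p2sh"}.get(payload[0])
    return None


def detect_address_swaps(events, window_s=2.0):
    """Flag consecutive clipboard snapshots in which one valid Bitcoin address was
    replaced by a different valid address within window_s seconds.  A person rarely
    copies two different addresses back to back that quickly; a clipper does it at once."""
    alerts = []
    prev_t, prev_addr = None, None
    for t, content in events:
        content = content.strip()
        kind = classify_btc_address(content)
        if kind and prev_addr and content != prev_addr and t - prev_t <= window_s:
            alerts.append({"at": t, "original": prev_addr, "replacement": content, "kind": kind})
        prev_t, prev_addr = t, (content if kind else None)
    return alerts


if __name__ == "__main__":
    for a in detect_address_swaps(CLIPBOARD_EVENTS):
        print(f"[{a['at']:6.1f}s] address swapped: {a['original']} -> {a['replacement']} ({a['kind']})")
```

In a real deployment the event list would be fed by a clipboard-change hook, and an alert is most useful at the moment of paste, when the user can still compare the address to the one they intended. The checksum validation matters because a clipper only needs to produce a well-formed address; a visual check of the first and last characters is exactly what attackers count on users skipping.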
G DATA contacted Procolored, and the equipment manufacturer said that on May 8 it had removed the infected drivers from its repository and re-scanned all files.