Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin-stealing (BTC) malware alongside official drivers.
A Chinese printer manufacturer has been caught distributing Bitcoin-stealing malware alongside its official drivers, local media outlet Landian News reported on May 19.
Shenzen-based Procolored, a hardware company known for its 3D printers, UV printers and other imaging devices, was found to be distributing malware-ridden drivers using USB drivers and uploading the compromised software to cloud storage for global download.
The issue was first reported by YouTuber Cameron Coward, whose antivirus software detected malware in the Procolored drivers while testing a UV printer. The software flagged the drive as containing a worm and a trojan virus named Foxif.
After encountering issues with the antivirus tool, Procolored maintained that the detection was a false positive and deleted the infected drivers from its storage on May 8, re-scanning all files.
Analysis by cybersecurity firm G-Data revealed that most of Procolored’s drivers were hosted on the file hosting service MEGA, with uploads as old as October 2023. Analysis of those files confirmed that they were compromised by two distinct pieces of malware: backdoor Win32.Backdoor.XRedRAT.A and a crypto stealer designed to substitute addresses in the clipboard with those controlled by the attacker.
The cybersecurity company contacted the hardware producer, who attributed the malware to a supply chain compromise, explaining that the malicious files were introduced through infected USB devices before being uploaded online.
“We have been the victims of a third-party software vulnerability that led to the inclusion of malicious code in some of our printer drivers,” a Procolored spokesperson told G-Data.
The company added that it had taken immediate steps to remove the affected drivers and notify relevant parties. Procolored also planned to implement enhanced security measures to prevent similar incidents in the future.
A total of 9.3 BTC worth over $953,000 have been stolen, according to crypto tracking and compliance firm Slow Mist, which described how the malware operates in a May 19 X post.
Disclaimer:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
