Procolored Chinese printer manufacturer distributes drivers contaminated with malware that steals Bitcoin

This information was reported this week by the Asian country's press and indicates that 9.3 BTC were stolen.

A Chinese printer manufacturer has reportedly distributed drivers contaminated with malware that steals Bitcoin, according to local reports.

The company, Procolored, is said to have used a USB flash drive to upload the virus-compromised software to a cloud storage service for global download, reports Landian News. In this case, a worm malware and a trojan called Foxif were sent. This episode also adds to a Binance study that exposes critical vulnerabilities in crypto security.

According to MistTrack, the malware diverted 9.3 BTC, just under $1 million at the time of this edition. The Bitcoins were sent to the wallet involved in the attack, as “the official driver provided by this printer loads a backdoor program. It hijacks the wallet address in the user’s clipboard and replaces it with the attacker’s address.”

The malware’s action occurs when the user copies the address, which is modified by the virus before sending. In this case, the transfer ends up being made to the wallet involved in the attack.

Company Acknowledges Infection After YouTuber Discovery

Tiansheng Printer acknowledged the infection, stated that it deleted the infected drivers, and checked all files on May 8.

However, the manufacturer’s acknowledgment reportedly came after the insistence of YouTuber Cameron Coward, who discovered the malware. It started when he installed the software of a Procolored UV printer and was alerted by an antivirus.

Coward reported that he notified Tiansheng, which blamed his antivirus. Dissatisfied, the YouTuber said he sought help on a Reddit forum and ended up attracting the attention of security company G-Data.

G-Data’s analysis revealed that the drivers were contaminated with a backdoor called Win32.Backdoor.XRedRAT.A and a cryptocurrency thief based on .NET. In this case designed to swap addresses in the clipboard.

The security company advised users to carefully check the system and scan. If possible, to reinstall the printer driver, which must be obtained by direct contact with Tiansheng technical support.