From now on, protecting your bitcoin (BTC) or other cryptocurrency means watching not only what you click online but also which printer you buy.
A printer company was caught distributing bitcoin (BTC)-stealing malware, researchers at G Data discovered.
First discovered by Cameron Coward, the YouTuber behind the channel Serial Hobbyism, and discussed on Reddit, the issue caught the attention of the cybersecurity firm.
Their Principal Malware Researcher, Karsten Hahn, said he discovered that the threat actor's address received 9.3 BTC ($985,000), potentially from users of printers made by Procolored. The address, which saw 330 transactions in total, is currently empty.
After the YouTuber received an antivirus alert about USB-spreading malware and a Floxif infection, considered one of the most severe types of infection, Hahn checked the downloads for six Procolored products.
Among the files, last updated in October 2024, he found Win32.Backdoor.XRedRAT.A, a backdoor, and MSIL.Trojan-Stealer.CoinStealer.H, a stealer that either exfiltrates cryptocurrency wallets or replaces addresses in the clipboard with the attackers’ address.
However, the researcher didn’t find Floxif in the download section.
Procolored initially denied that it was spreading the malware, offering various explanations for why antivirus programs might flag its software as a false positive.
"Nevertheless, they took down the software downloads from their website, which we noticed around the 8th of May 2025, and started an internal investigation," Hahn said, suggesting that a plausible explanation is the absence or failure of antivirus scanning on the systems used to compile and distribute the software packages.
In a response to the researcher, the company suggested that the virus was injected during the process of transferring the software from USB drives to their website. The company also claims that the software will be re-uploaded "only after passing stringent virus and security checks."
In the meantime, Hahn recommends Procolored product users check whether any antivirus exclusions have been set for the printer software files, as people might have dismissed antivirus warnings.
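One way to carry out that check on a Windows machine, shown here as an added example that is not from G Data or Procolored. It assumes Microsoft Defender is the antivirus in use (other products store exclusions elsewhere); the keyword list and the `Get-SuspectExclusion` helper are hypothetical, and the placeholder must be replaced with the folder your printer software was actually installed under.

```powershell
# Added example: list Microsoft Defender exclusions and flag any that could
# cover the printer software. Run in an elevated PowerShell session so that
# Defender returns the exclusion values.

# Assumption: match terms. 'Procolored' is the vendor name from the article;
# the placeholder stands for your real install folder or file name.
$Keywords = @('Procolored', '<PRINTER_SOFTWARE_FOLDER>')

function Get-SuspectExclusion {
    param(
        [Parameter(Mandatory)] [hashtable] $Exclusions,
        [Parameter(Mandatory)] [string[]]  $Keywords
    )
    foreach ($kind in $Exclusions.Keys) {
        foreach ($entry in @($Exclusions[$kind])) {
            if ([string]::IsNullOrWhiteSpace($entry)) { continue }

            # Literal, case-insensitive substring match (no wildcard parsing).
            $named = $Keywords | Where-Object {
                $entry.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }

            # A drive-root path or an exe/dll extension exclusion also covers
            # the printer files even though it never names them.
            $broad = ($kind -eq 'Path' -and $entry -match '^[A-Za-z]:\\?$') -or
                     ($kind -eq 'Extension' -and $entry.TrimStart('.') -in 'exe', 'dll')

            [pscustomobject]@{
                Kind          = $kind
                Entry         = $entry
                NamesSoftware = [bool]$named
                Broad         = [bool]$broad
            }
        }
    }
}

$pref = Get-MpPreference
$all = @{
    Path      = $pref.ExclusionPath
    Process   = $pref.ExclusionProcess
    Extension = $pref.ExclusionExtension
}

Get-SuspectExclusion -Exclusions $all -Keywords $Keywords |
    Sort-Object NamesSoftware, Broad -Descending |
    Format-Table -AutoSize
```

Any row with `NamesSoftware` or `Broad` set to `True` means Defender is not scanning those files; such an entry can be removed with `Remove-MpPreference` and the files rescanned.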
"The safest remedy for an infection with file infectors is reformatting all drives and reinstalling the operating system," the researcher said, adding that despite transactions to the BTC address stopping on March 3rd, 2024, the file infection itself still damages systems.