Report: Chinese Printer Manufacturer Spreads Bitcoin (BTC) Theft Malware

AiCoin
7 hours ago

Source: Cointelegraph
Original: “Report: Chinese Printer Manufacturer Distributes Bitcoin (BTC) Stealer Malware”

Chinese printer manufacturer Procolored has been distributing Bitcoin stealing malware with its official drivers, according to local media reports.

Chinese news outlet Landian News (Blue Dot) reported on May 19 that the Shenzhen-based printer company Procolored has been distributing Bitcoin (BTC) stealing malware within its official drivers. The company reportedly used USB drives to distribute the infected drivers and also uploaded the compromised software to cloud storage platforms for users worldwide to download.

According to the report, a total of 9.3 BTC, worth over $953,000, has been stolen. Cryptocurrency tracking and compliance firm SlowMist described how the malware operates in a post on X on May 19:

“This official driver provided by the printer carries a backdoor program. It hijacks the wallet addresses in the user’s clipboard and replaces them with the attacker’s address.”

Landian News advised users who downloaded Procolored printer drivers in the past six months to “immediately perform a full system scan with antivirus software.” However, because antivirus detection is inconsistent, a complete system reset is always the more reliable option when in doubt:

“Ideally, you should reinstall the operating system and thoroughly check the original files.”

The malware was first exposed by YouTuber Cameron Coward, whose antivirus software flagged malicious code in the driver while he was testing a Procolored UV printer. The scanner reported that the driver contained a worm and a Trojan named Foxif.

In response to inquiries, Procolored denied the allegations and dismissed the antivirus alerts as false positives. Coward then took the issue to Reddit to share it with cybersecurity professionals, drawing the attention of security firm G-Data.

G-Data's in-depth investigation found that most of Procolored's drivers were hosted on the file-sharing service MEGA, with uploads dating back to October 2023. Analysis of the files confirmed that they were infected with two different pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a cryptocurrency stealer built specifically to replace addresses in the user's clipboard with attacker-controlled ones.
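The clipper behaviour described by SlowMist and G-Data (a copied wallet address silently replaced on the clipboard) can be caught on the host by remembering what the user actually copied and comparing it against what is about to be pasted. The following is an added illustration, not code from the report, G-Data or SlowMist; the addresses are a public genesis-block address and a throwaway address derived from a made-up hash160, not indicators from this incident.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Shape check for legacy (1.../3...) and bech32 (bc1...) Bitcoin addresses.
BTC_RE = re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{8,87})$")


def base58check_encode(payload: bytes) -> str:
    """Encode version||hash160 plus a 4-byte double-SHA256 checksum (legacy address)."""
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    # Each leading zero byte is encoded as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out


def legacy_checksum_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes match the checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    return hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4] == raw[21:]


def is_btc_address(s: str) -> bool:
    if not BTC_RE.match(s):
        return False
    return legacy_checksum_ok(s) if s[0] in "13" else True  # bech32 checksum not checked here


class ClipboardGuard:
    """Remember the address the user copied; flag a paste that became a different address."""
    def __init__(self):
        self.copied = None

    def on_user_copy(self, text: str) -> None:
        self.copied = text.strip()

    def check_paste(self, clipboard_now: str):
        now = clipboard_now.strip()
        if self.copied and is_btc_address(self.copied) and now != self.copied and is_btc_address(now):
            return {"copied": self.copied, "found": now}  # clipper-style swap detected
        return None


# Constructed demo values: the public Bitcoin genesis-block address as the user's copy,
# and an address derived from a fake hash160 (0x11 * 20) standing in for a swapped-in one.
USER_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
SWAPPED_ADDR = base58check_encode(b"\x00" + b"\x11" * 20)
```

Hooking this to a real clipboard (polling, or a clipboard-change event on the platform in use) is left to the reader; the comparison logic is the part that matters. A valid-checksum replacement, rather than a random string, is the signature of a clipper.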

G-Data contacted Procolored, and the hardware manufacturer stated that it had removed the infected drivers from its storage on May 8 and rescanned all files. Procolored attributed the incident to a supply chain breach, claiming that the malicious files entered its systems via an infected USB device and were subsequently uploaded to the internet.

