
Bitcoin stealer malware present in official printer drivers

Chinese printer manufacturer Procolored distributed Bitcoin-stealing malware alongside its official drivers, according to local media reports.

Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin (BTC)-stealing malware alongside its official drivers. The company reportedly used USB drives to distribute the malware-ridden drivers and uploaded the compromised software to cloud storage for global download.

So far, 9.3 BTC worth over $953,000 have been stolen, according to the report. Crypto tracking and compliance firm SlowMist explained how the malware operates in a May 19 X post:

“The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker’s address.”

Supply: MistTrack


YouTuber flags malware in Procolored drivers

Landian News recommended that users who downloaded Procolored printer drivers in the past six months “immediately perform a full system scan using antivirus software.” However, given the hit-and-miss nature of antivirus software, a full system reset is always the safer option when in doubt:

“Ideally, you should reinstall your operating system and thoroughly check old files.”

The issue was allegedly first reported by YouTuber Cameron Coward, whose antivirus detected malware in the drivers while he was testing a Procolored UV printer. The antivirus flagged the drive as containing a worm and a trojan named Foxif.


Cybersecurity firm confirms crypto-stealing malware

When contacted, Procolored denied the claims and dismissed the antivirus detection as a false positive. Coward turned to Reddit, where he shared the issue with cybersecurity professionals, attracting the attention of cybersecurity firm G DATA.

G DATA’s investigation found that most of Procolored’s drivers were hosted on the file hosting service MEGA, with uploads dating back to October 2023. Analysis of those files confirmed that they were compromised by two distinct pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a crypto-stealer designed to replace addresses in the clipboard with ones controlled by the attacker.
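Both SlowMist’s description of the backdoor and G DATA’s analysis above come down to the same behaviour: the user copies a wallet address, and moments later the clipboard silently holds a different one. The following added example (not code from the article, SlowMist, G DATA or Procolored) shows a defender-side heuristic for spotting that pattern from a series of clipboard snapshots: a Bitcoin-looking address that turns into a different Bitcoin-looking address within a few seconds, with no other content in between. The address check is a syntactic regex only (no checksum verification), the polling snapshots and all addresses are constructed for the demo, and the `max_gap_seconds` threshold is an assumed tuning value.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Syntactic check only (assumption: no base58/bech32 checksum validation):
# legacy/P2SH addresses start with 1 or 3 and use the base58 alphabet;
# bech32 addresses start with bc1 and use the bech32 charset.
BTC_ADDRESS_RE = re.compile(
    r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}"
    r"|bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{11,71})$"
)


def is_btc_address(text: str) -> bool:
    """Return True if the text looks like a Bitcoin address."""
    return BTC_ADDRESS_RE.fullmatch(text.strip()) is not None


@dataclass(frozen=True)
class Snapshot:
    t: float       # seconds since the monitor started (constructed polling times)
    content: str   # clipboard text observed at that moment


@dataclass(frozen=True)
class SwapAlert:
    t: float
    original: str
    replacement: str


def detect_address_swaps(snapshots: Iterable[Snapshot],
                         max_gap_seconds: float = 5.0) -> List[SwapAlert]:
    """Flag transitions address A -> address B that happen within max_gap_seconds.

    A user rarely copies two different wallet addresses within a few seconds;
    a clipper that overwrites the clipboard right after a copy does exactly that.
    """
    alerts: List[SwapAlert] = []
    current: Optional[str] = None
    current_since = 0.0
    for snap in snapshots:
        if current is not None and snap.content != current:
            if (is_btc_address(current) and is_btc_address(snap.content)
                    and snap.t - current_since <= max_gap_seconds):
                alerts.append(SwapAlert(snap.t, current, snap.content))
        if snap.content != current:
            current = snap.content
            current_since = snap.t
    return alerts


# Constructed, non-real addresses that merely satisfy the regex.
PAYEE_ADDR = "1ConstructedPayeeAddrNotRea1FFFFFF"
ATTACKER_ADDR = "1AttackerSwappedAddrNotReaLBBBBBB"
LATER_ADDR = "bc1qzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"

# Constructed poll of the clipboard every 0.5 s: the user copies the payee
# address at t=1.0 and the clipboard has been swapped by t=1.5.
SAMPLE_SNAPSHOTS = [
    Snapshot(0.0, "meeting notes"),
    Snapshot(0.5, "meeting notes"),
    Snapshot(1.0, PAYEE_ADDR),
    Snapshot(1.5, ATTACKER_ADDR),
    Snapshot(2.0, ATTACKER_ADDR),
    Snapshot(30.0, LATER_ADDR),   # a legitimate copy much later: no alert
]


def sample_alerts() -> List[SwapAlert]:
    """Run the detector over the constructed snapshots."""
    return detect_address_swaps(SAMPLE_SNAPSHOTS)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(f"t={alert.t:.1f}s clipboard swapped: {alert.original} -> {alert.replacement}")
```

The heuristic trades a small false-positive rate (a user who really does copy two addresses back to back) for a simple signal that works regardless of how the clipper is packaged; the actual remediation for an affected machine is the one the article quotes, a full reinstall, and the check users can always perform by hand is comparing the pasted address character by character with the one they intended to send to.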

G DATA contacted Procolored, and the hardware manufacturer said it deleted the infected drivers from its storage on May 8 and re-scanned all files. Procolored attributed the malware to a supply chain compromise, stating that the malicious files were introduced through infected USB devices before being uploaded online.
