Chinese printer manufacturer Procolored distributed Bitcoin-stealing malware alongside its official drivers, according to local media reports.
Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin-stealing (BTC) malware alongside its official drivers. The company reportedly used USB drives to distribute the malware-laden drivers and uploaded the compromised software to cloud storage for global download.
A total of 9.3 BTC worth over $953,000 was stolen, according to the report. Crypto tracking and compliance firm SlowMist described how the malware operates in a May 19 X post:
“The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker’s address.”
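The clipboard swap SlowMist describes only pays off if the substitute is itself a usable address, which suggests a simple check before pasting. The following is an added example (not code from the article, SlowMist, G DATA or Procolored): a "paste guard" that fully checksum-verifies legacy Base58Check addresses and only alphabet-checks bc1 addresses, flagging the case where the clipboard no longer holds what the user copied but does hold another valid address.

```python
"""Added example: a 'paste guard' for clipboard-hijacking ('clipper') malware.

Assumption: the caller records the address the user copied (e.g. from a hook
on the copy action) and calls clipboard_substituted() right before pasting.
Legacy 1.../3... addresses are Base58Check-verified; bc1 addresses are only
alphabet-checked here (a full bech32 checksum is out of scope for this example).
"""
import hashlib

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
_BECH32 = set("qpzry9x8gf2tvdw0s3jn54khce6mua7l")


def is_legacy_btc_address(addr: str) -> bool:
    """True if addr is a well-formed mainnet Base58Check address (25 bytes, checksum ok)."""
    n = 0
    for ch in addr:
        if ch not in _B58:
            return False
        n = n * 58 + _B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text encodes one leading 0x00 byte.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25 or raw[0] not in (0x00, 0x05):  # P2PKH / P2SH version bytes
        return False
    checksum = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return checksum == raw[21:]


def looks_like_btc_address(addr: str) -> bool:
    """Legacy addresses are checksum-verified; bc1 addresses only alphabet- and length-checked."""
    if addr.startswith("bc1"):
        return 14 <= len(addr) <= 74 and set(addr[3:]) <= _BECH32
    return is_legacy_btc_address(addr)


def clipboard_substituted(copied: str, clipboard_now: str) -> bool:
    """Clipper signature: the user copied an address, the clipboard now holds a
    different string, and that string is itself a valid address (a random
    corruption of the copied text would fail the checksum and not count)."""
    copied, clipboard_now = copied.strip(), clipboard_now.strip()
    if copied == clipboard_now or not looks_like_btc_address(copied):
        return False
    return looks_like_btc_address(clipboard_now)
```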
YouTuber flags malware in Procolored drivers
Landian News advised users who downloaded Procolored printer drivers in the past six months to “immediately perform a full system scan using antivirus software.” However, given the hit-and-miss nature of antivirus software, a full system reset is always the better option when in doubt:
“Ideally, you should reinstall your operating system and thoroughly check old files.”
The issue was allegedly first reported by YouTuber Cameron Coward, whose antivirus software detected malware in the drivers while he was testing a Procolored UV printer. The software flagged the drive as containing a worm and a trojan named Foxif.
Cybersecurity firm confirms crypto-stealing malware
When contacted, Procolored denied the claims and dismissed the antivirus software’s flagging of the drivers as a false positive. Coward turned to Reddit, where he shared the issue with cybersecurity professionals, attracting the attention of cybersecurity firm G DATA.
G DATA’s investigation found that most of Procolored’s drivers were hosted on the file hosting service MEGA, with uploads as old as October 2023. Analysis of those files confirmed that they were compromised by two distinct pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a crypto stealer designed to replace addresses in the clipboard with those controlled by the attacker.
G DATA contacted Procolored, with the hardware manufacturer saying it deleted the infected drivers from its storage on May 8 and re-scanned all files. Procolored attributed the malware to a supply chain compromise, stating that the malicious files were introduced through infected USB devices before being uploaded online.