Chinese printer maker Procolored reportedly spread clipboard-hijacking Bitcoin malware via its official drivers in a supply chain attack that led to over $950,000 in stolen funds.
Chinese printer manufacturer Procolored distributed Bitcoin-stealing malware alongside its official drivers, according to local media reports.
Chinese printer
Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin-stealing
BTC
$105,394
malware alongside official drivers. The company reportedly used USB drivers to distribute malware-ridden drivers and uploaded the compromised software to cloud storage for global download.
A total of 9.3 BTC worth over $953,000 have been stolen, according to the report. Crypto tracking and compliance firm Slow Mist described how the malware operates in a May
“The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker’s address.“
Landian News recommended users who downloaded Procolored printer drivers in the past six months to “immediately perform a full system scan using antivirus software.” Still, given the hit or miss nature of antivirus software, a full system reset is always the better option when in doubt:
“Ideally, you should reinstall your operating system and thoroughly check old files.“
The issue was allegedly first reported by YouTuber Cameron Coward, whose antivirus software detected malware in the drivers while testing a Procolored UV printer. The software flagged the drive as containing a worm and a trojan virus named Foxif.
Cybersecurity company confirms crypto-stealing malware from chinese printer
When contacted, Procolored denied the claims and dismissed the antivirus tool flagging the drivers as a false positive. Coward turned to Reddit, where he shared the issue with cybersecurity professionals, attracting the attention of cybersecurity firm G-Data.
G-Data’s investigation found that most of Procolored’s drivers were hosted on the file hosting service MEGA, with uploads as old as October 2023. Analysis of those files confirmed that they were compromised by two distinct pieces of malware: backdoor Win32.Backdoor.XRedRAT.A and a crypto stealer designed to substitute addresses in the clipboard with those controlled by the attacker.
G-Data contacted Procolored, with the hardware producer saying it deleted the infected drivers from its storage on May 8 and re-scanned all files. Procolored attributed the malware to a supply chain compromise, stating that the malicious files were introduced through infected USB devices before being uploaded online.
Reference : Cointelegraph
Join our gang by purchasing the Animalverse Club NFT, which is the key to accessing a ton of benefits.
Animalverse SoicialFi is a web3 social media platform designed to connect users around the world without the influence of algorithms, promoting equal access to information. The platform aims to create a decentralized environment where users can freely share and consume content and send crypto, which is fully consistent with the principles of blockchain technology. Let’s be a part of AVC ecosystem Home BlackMarketplace Groups Games Jobs Blog News
