CyberSecurity news
Bill Toulas@BleepingComputer
Printer maker Procolored has been distributing malware-laced drivers to its users for at least six months. Security researcher Karsten Hahn from G Data discovered that the official software supplied with Procolored printers contained a remote access trojan (XRed) and a cryptocurrency stealer (SnipVex). These malicious files were available through the company's website, putting users at risk of having their Windows PCs compromised and cryptocurrency wallets stolen. The discovery began when YouTuber Cameron Coward, known as Serial Hobbyism, received a printer from Procolored and encountered malware alerts during setup.
Hahn's investigation found that 39 of the files hosted on Procolored's Mega.nz account triggered malware detections, so the problem was not confined to a single download. The XRed backdoor gives the operator keylogging, a remote shell, file deletion and directory listing on the infected host. SnipVex is a .NET clipbanker that also behaves as a file infector, appending itself to executables: it watches the Windows clipboard and silently replaces any Bitcoin address it finds with the attacker's own, so a user who copies a payee address and pastes it into a wallet unknowingly sends the funds to the attacker. The address hardcoded into SnipVex had received approximately 9.3 BTC, roughly $100,000 USD at the time, before incoming transactions stopped.
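The clipboard swap described above is easy to misunderstand as "the malware steals the wallet"; it does not, it rewrites the destination address at paste time. The following Python, an added illustration and not code from G Data, Procolored or the malware itself, simulates that swap against a constructed clipboard history and shows the data-only half of a detector: flagging any step where one Bitcoin address was replaced by a different one, plus a Base58Check validator so a wallet front end can at least confirm the pasted string is a well-formed address. The attacker address is a hypothetical placeholder (the Bitcoin wiki example address), not the SnipVex wallet, and the snapshots are constructed, not captured from an infected machine.

```python
import hashlib
import re
from typing import List, Tuple

# Added example; simulates a SnipVex-style clipboard swap and a simple detector.
# Nothing here is the malware's own code or G Data's tooling.

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Shapes of legacy P2PKH/P2SH (1.../3...) and bech32 (bc1...) addresses.
ADDR_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b")

# Hypothetical attacker address for the simulation (Bitcoin wiki example address),
# not the wallet observed in SnipVex.
ATTACKER_ADDR = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"


def b58decode(s: str) -> bytes:
    """Decode a Base58 string; leading '1' characters encode leading zero bytes."""
    n = 0
    for ch in s:
        n = n * 58 + BASE58_ALPHABET.index(ch)  # ValueError on non-alphabet chars
    pad = len(s) - len(s.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def is_valid_legacy_address(addr: str) -> bool:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def clipbanker_swap(clipboard_text: str, attacker_addr: str = ATTACKER_ADDR) -> str:
    """What a clipbanker does: rewrite every address-looking token in the clipboard."""
    return ADDR_RE.sub(attacker_addr, clipboard_text)


def detect_swaps(snapshots: List[str]) -> List[Tuple[str, str]]:
    """
    Walk successive clipboard snapshots and flag each step where the clipboard
    held one BTC address and now holds a different one. A real monitor would
    also require that no user copy event occurred in between; that signal is
    not available offline, so only the content comparison is shown here.
    """
    events = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        old, new = prev.strip(), cur.strip()
        if ADDR_RE.fullmatch(old) and ADDR_RE.fullmatch(new) and old != new:
            events.append((old, new))
    return events


# Constructed clipboard history: the user copies a payee address, the clipbanker
# rewrites it before paste, then the user copies an unrelated string.
SAMPLE_SNAPSHOTS = [
    "invoice #4471",
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    clipbanker_swap("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    "meeting at 3pm",
]

if __name__ == "__main__":
    for old, new in detect_swaps(SAMPLE_SNAPSHOTS):
        print(f"clipboard address changed without a copy: {old} -> {new}")
        print(f"  replacement is well-formed Base58Check: {is_valid_legacy_address(new)}")
```

Note that the swapped-in address passes the checksum test: a clipbanker uses a real, valid wallet, so address validation alone does not catch it. The check that actually protects a user is comparing the pasted address against the one displayed by the payee before confirming the transaction.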
Procolored acknowledged the issue, saying the software was originally transferred to its hosting via USB drives and that a virus may have been introduced at that step. The company has temporarily pulled all software from its official website while it runs a full malware scan. Anyone who installed the affected drivers before they were removed should assume the Windows host is compromised (XRed gives the operator remote shell access), rebuild it rather than rely on a clean-up, and review any cryptocurrency transactions sent from it for swapped destination addresses. The incident is a reminder that vendor-supplied drivers are part of the software supply chain: files that pass through removable media and third-party file hosts need signing, hash publication and malware scanning before release, not just during development.
References:
- PCMag UK security: Warning: This Printer Vendor's Software Contained Malware
- cyberinsider.com: Procolored Printers Distributed Malware-Infested Software for Six Months
- BleepingComputer: Printer maker Procolored offered malware-laced drivers for months
- The DefendOps Diaries: Enhancing Security in the Digital Printing Supply Chain: Lessons from the Procolored Incident
- securityonline.info: SnipVex and XRed: Malware Discovered in Procolored Printer Software
- www.gdatasoftware.com: printer infected software downloads
- cyberpress.org: Printer Company Spreads XRed Malware Through Malicious Drivers
- bsky.app: For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer.
- bsky.app: -Procolored printers shipped malware
- Cyber Security News: Procolored, a Chinese printer maker, unintentionally disseminated advanced Windows malware through its official printer driver downloads, affecting models such as the F8, F13, V6, V11 Pro, and VF13 Pro.
- Risky Business Media: Japan passes a new active cyber defense law, printer software gets shipped with malware, a UK telco leaks user data and geolocation via its 4G network, and Volkswagen patches major bugs in its mobile app.
- gbhackers.com: Procolored, a printer manufacturing company, has been found distributing software drivers infected with malicious code, including the notorious XRed backdoor malware.
- www.techradar.com: The malware stole almost 10 BTC from the victims.
- Cyber Security News: Malicious drivers infected with XRed malware
- How-To Geek: The malware was unintentionally spread through employee computers or servers.
Classification:
- HashTags: #SupplyChainAttack #PrinterMalware #Procolored
- Company: Procolored
- Target: Users of Procolored Printers
- Product: Printer Driver
- Feature: Malware
- Malware: SnipVex, XRed
- Type: Malware
- Severity: High