{"id":6257,"date":"2025-05-19T21:46:36","date_gmt":"2025-05-19T13:46:36","guid":{"rendered":"https:\/\/cicserver.com\/procolored-printers-shipped-out-with-malware-ridden-drivers-for-half-a-year\/"},"modified":"2025-05-19T21:46:36","modified_gmt":"2025-05-19T13:46:36","slug":"procolored-printers-shipped-out-with-malware-ridden-drivers-for-half-a-year","status":"publish","type":"post","link":"https:\/\/cicserver.com\/de\/procolored-printers-shipped-out-with-malware-ridden-drivers-for-half-a-year\/","title":{"rendered":"Procolored printers shipped out with malware-ridden drivers for half a year"},"content":{"rendered":"<p><br \/>\n<br \/><img decoding=\"async\" src=\"https:\/\/cdn.mos.cms.futurecdn.net\/h4jbJyVDJDQLp58dtYgVsQ.jpg\" \/><\/p>\n<div id=\"article-body\">\n<hr\/>\n<ul>\n<li><strong>A Chinese printer maker was serving malware with software installations for half a year<\/strong><\/li>\n<li><strong>The malware included backdoors and crypto stealers<\/strong><\/li>\n<li><strong>Almost 10 BTC was stolen<\/strong><\/li>\n<\/ul>\n<hr\/>\n<p>Procolored, a major Chinese printer manufacturer, has been inadvertently infecting its customers with backdoors, infostealers, and cryptocurrency stealers &#8211; for six months. This is according to cybersecurity researchers G Data, who were tipped off about the supply chain attack by a <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.techradar.com\/tag\/youtube\" data-auto-tag-linker=\"true\" data-before-rewrite-localise=\"https:\/\/www.techradar.com\/tag\/youtube\">YouTube<\/a> content creator, Cameron Coward.<\/p>\n<p>Apparently, Coward wanted to review one of Procolored\u2019s printers and, after trying to install the accompanying software from a USB stick, was alerted to the presence of the Floxif worm. He reached out to the company, which dismissed the warning as a false positive. 
Unsatisfied with the answer, Coward turned to Reddit, where his thread was picked up by G Data\u2019s researchers.<\/p>\n<p>The team found six of the company\u2019s product lines infected with malware: F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro. They also determined that the last update of the software was made in October 2024, which means the company was deploying malware for at least half a year before being spotted.<\/p>\n<h2 id=\"tens-of-unique-variants-3\">Tens of unique variants<\/h2>\n<p>In total, the researchers found 39 malware detections in 20 uniquely hashed executables. There were RATs, trojans, clipboard stealers, and cryptocurrency stealers. One of the wallets allegedly belonging to the attackers received almost 10 BTC, which means the attackers raked in almost a million dollars with just one piece of <a data-analytics-id=\"inline-link\" href=\"https:\/\/www.techradar.com\/best\/best-malware-removal\" target=\"_blank\" data-before-rewrite-localise=\"https:\/\/www.techradar.com\/best\/best-malware-removal\">malware<\/a>.<\/p>\n<p>It was also said that some of the command-and-control (C2) infrastructure has been inactive since early 2024, while the BTC wallet hasn\u2019t been active since March of the same year. 
This could signal that the threat actors have moved on to other things, which could mean the threat isn\u2019t as pronounced today.<\/p>\n<p>Procolored is a leader in the digital textile printing industry, according to <a data-analytics-id=\"inline-link\" href=\"https:\/\/cyberinsider.com\/procolored-printers-distributed-malware-infested-software-for-six-months\/\" target=\"_blank\" data-url=\"https:\/\/cyberinsider.com\/procolored-printers-distributed-malware-infested-software-for-six-months\/\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\"><em>Cyberinsider<\/em><\/a>. The company\u2019s hardware is used in small-scale manufacturing and creative industries, the publication claims, adding that its presence \u201csent ripples\u201d through the tech and maker communities.<\/p>\n<p>As of May 8, all software was removed from Procolored\u2019s website, and an investigation was launched. The company told G Data that its systems were most likely compromised as well.<\/p>\n<p><em>Via <\/em><a data-analytics-id=\"inline-link\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/printer-maker-procolored-offered-malware-laced-drivers-for-months\/\" target=\"_blank\" 
data-url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/printer-maker-procolored-offered-malware-laced-drivers-for-months\/\" referrerpolicy=\"no-referrer-when-downgrade\" data-hl-processed=\"none\"><em>BleepingComputer<\/em><\/a><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A Chinese printer maker was serving malware with software installations for half a year The malware included backdoors and crypto stealers Almost 10 BTC was stolen Procolored, a major Chinese printer manufacturer, has been inadvertently infecting its customers with backdoors, infostealers, and cryptocurrency stealers &#8211; for six months. This is according to cybersecurity researchers G [&hellip;]<\/p>","protected":false},"author":3,"featured_media":6258,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-6257","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blog"},"_links":{"self":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/6257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/comments?post=6257"}],"version-history":[{"count":0,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/posts\/6257\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media\/6258"}],"wp:attachment":[{"href":
"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/media?parent=6257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/categories?post=6257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cicserver.com\/de\/wp-json\/wp\/v2\/tags?post=6257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}