- Chinese printer maker Procolored was unknowingly spreading crypto malware
- The malware was embedded in Procolored’s official USB printer drivers
- Procolored has removed the malware and rescanned all files
Chinese printer maker Procolored was unknowingly spreading crypto malware through its downloadable official USB printer drivers. According to blockchain security firm SlowMist, the drivers contained a backdoor, allowing malicious actors to hijack “the wallet address in the user’s clipboard.” The malware targeted Bitcoin holders and has already siphoned nearly $1 million worth of BTC from multiple wallets, an amount that’s likely to increase as more Procolored printer users report losing funds.
Crypto Malware Undetected for Six Months
According to reports, the malware was probably embedded in the company’s printer drivers within the last six months. One of the printer’s users discovered the hidden code when his antivirus software flagged malicious code while he was installing drivers for a Procolored UV printer.
The user reported the issue to Procolored, which dismissed it as a “false alarm from the antivirus software.” The user, however, sought help from cybersecurity specialists who discovered the hidden malware that contained a backdoor and a “cryptocurrency stealer.”
According to the specialists, the backdoor gave the malware access to a computer’s clipboard, where it watched for crypto addresses. When it found one, it replaced it with an address controlled by the malicious actors.
The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker’s address: 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj
According to @MistTrack_io, the attacker has stolen 9.3086… https://t.co/DHCkEpHhuH pic.twitter.com/W1AnUpswLU
— MistTrack
(@MistTrack_io) May 19, 2025
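A defender-side check for the clipboard substitution described above, as an added example that is not part of the original article or any vendor's tooling: it validates legacy (1.../3...) Bitcoin addresses with Base58Check and flags a pasted address that differs from the copied one or matches the address quoted in the MistTrack post. The function names and the two sample addresses are constructed for illustration; bech32 addresses are not covered.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Replacement address quoted in the MistTrack post on this page.
REPORTED = {"1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj"}
CANDIDATE = re.compile(r"(?<![0-9A-Za-z])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version, hash160):
    """Build a legacy address; used here only to construct sample data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid_address(addr):
    """True if addr decodes to 25 bytes whose last 4 match the checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:21]) == raw[21:]

def check_paste(copied, pasted):
    """Return findings for addresses in `pasted` that look substituted."""
    copied_addrs = {a for a in CANDIDATE.findall(copied) if is_valid_address(a)}
    findings = []
    for addr in CANDIDATE.findall(pasted):
        if addr in REPORTED:
            findings.append(("reported-attacker-address", addr))
        elif is_valid_address(addr) and copied_addrs and addr not in copied_addrs:
            findings.append(("address-changed-after-copy", addr))
    return findings

# Constructed sample data: two addresses built from made-up 20-byte hashes.
PAYEE = b58check_encode(0x00, bytes(range(20)))
OTHER = b58check_encode(0x00, bytes(range(20, 40)))

if __name__ == "__main__":
    print(check_paste(f"pay {PAYEE}", f"pay {OTHER}"))
```

The checksum test keeps random Base58-looking strings from raising alerts, while the reported address is matched as a plain string so it is flagged whether or not anything was copied first.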
Crypto Infected Flash Drives Introduced the Malware?
Procolored later acknowledged the presence of the malware in its drivers, adding that it may have found its way into the drivers through infected flash drives. The company also said that it had “deleted these drivers and rescanned all files.”
The report comes two months after malicious actors were caught selling malware-laced counterfeit phones and blackmailing YouTubers into spreading crypto malware. These new tactics show crypto criminals turning to unorthodox methods in an attempt to increase the amount they steal.
Now that Procolored has admitted that its official USB drivers contained malware, users of its printers need to delete the old drivers and reinstall them afresh to avoid falling victim.