Chinese printer maker Procolored reportedly distributed clipboard-hijacking Bitcoin malware with its official drivers in a supply chain attack that led to over $950,000 in stolen funds.
Chinese printer maker Procolored distributed Bitcoin-stealing malware alongside its official drivers, according to local media reports.
Chinese news outlet Landian News reported on May 19 that Shenzhen-based printer company Procolored has been distributing Bitcoin (BTC)-stealing malware alongside its official drivers. The firm reportedly shipped the malware-ridden drivers on USB drives and also uploaded the compromised package to cloud storage for global download.
So far, 9.3 BTC worth over $953,000 have been stolen, according to the report. Crypto tracking and compliance firm SlowMist explained how the malware operates in a May 19 X post:
“The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user’s clipboard and replace it with the attacker's address.”
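The swap SlowMist describes is easy to model, and the same model shows the two checks a user or defender has against it: comparing the pasted address with the one actually copied before confirming a transaction, and watching for a clipboard change that was not caused by a user copy. The Python below is an added illustration written for this page; it is not Procolored's driver, the malware itself, or SlowMist's tooling. The clipboard object, the observation log and the two addresses (Bitcoin documentation examples standing in for a victim and an attacker) are constructed for the demo, and the address regex is deliberately loose, as a real swapper only needs "looks like an address" to pick its targets.

```python
import re

# Matches a legacy Base58 address (prefix 1 or 3) or a bech32 address (prefix bc1).
# Loose on purpose: a swapper only needs "looks like an address" to decide what to replace.
BTC_ADDR = re.compile(r"\b(?:bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")

# Constructed sample addresses (Bitcoin documentation examples), not addresses from the incident.
USER_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ATTACKER_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"


class FakeClipboard:
    """Stand-in for the OS clipboard so the demo runs offline.
    Assumption: a real monitor would read the platform clipboard API instead."""

    def __init__(self):
        self.text = ""

    def copy(self, text):
        self.text = text

    def paste(self):
        return self.text


def hijack_clipboard(clip, attacker_addr):
    """Model of the swap described in the SlowMist post: any BTC address in the
    clipboard is rewritten to the attacker's. Returns the new clipboard contents."""
    swapped = BTC_ADDR.sub(attacker_addr, clip.paste())
    clip.copy(swapped)
    return swapped


def safe_paste(clip, expected_addr):
    """User-side check before sending: does the clipboard still hold the address
    I copied? Returns (ok, pasted_text)."""
    pasted = clip.paste().strip()
    return pasted == expected_addr, pasted


def detect_swaps(observations):
    """Defender-side check over a log of clipboard states.
    observations: list of (source, text); source is 'user' when the user copied
    something, 'poll' when a background monitor read the clipboard. A poll that
    shows a different BTC address than the last user copy, with no new user copy
    in between, is reported as a swap (old_address, new_address)."""
    alerts = []
    last_user_addrs = []
    for source, text in observations:
        addrs = BTC_ADDR.findall(text)
        if source == "user":
            last_user_addrs = addrs
            continue
        if last_user_addrs and addrs and addrs != last_user_addrs:
            alerts.append((last_user_addrs[0], addrs[0]))
    return alerts


if __name__ == "__main__":
    clip = FakeClipboard()
    clip.copy(USER_ADDR)                      # victim copies the intended destination
    hijack_clipboard(clip, ATTACKER_ADDR)     # infected host rewrites it in place
    ok, pasted = safe_paste(clip, USER_ADDR)
    print("paste matches intended address:", ok, "| clipboard now:", pasted)

    log = [("user", USER_ADDR), ("poll", clip.paste()), ("user", "notes"), ("poll", "notes")]
    print("swaps detected:", detect_swaps(log))
```

The user-side check is the one that matters in practice: a swapper only pays off if the victim confirms a transaction to an address they never looked at, so comparing the first and last characters of the pasted address against the source is the cheapest defence, regardless of what the antivirus says about the driver.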
YouTuber flags malware in Procolored drivers
Landian News advised users who downloaded Procolored printer drivers in the past six months to “immediately perform a full system scan using antivirus software.” Still, given that antivirus detection of a backdoor like this is hit or miss, a clean reinstall is the safer option when in doubt:
“Ideally, you should reinstall your operating system and thoroughly check old files.”
The issue was allegedly first reported by YouTuber Cameron Coward, whose antivirus detected malware in the drivers while testing a Procolored UV printer. The antivirus flagged the drive as containing a worm and a trojan named Foxif.
Cybersecurity firm confirms crypto-stealing malware
When contacted, Procolored denied the claims and dismissed the antivirus detection as a false positive. Coward turned to Reddit, where he shared the issue with cybersecurity professionals, attracting the attention of cybersecurity firm G-Data.
G-Data’s investigation found that most of Procolored’s drivers were hosted on the file hosting service MEGA, with uploads as old as October 2023. Analysis of those files confirmed that they were compromised by two distinct pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a crypto-stealer designed to replace addresses in the clipboard with ones controlled by the attacker.
G-Data contacted Procolored, and the hardware maker said it had deleted the infected drivers from its storage on May 8 and re-scanned all files. Procolored attributed the malware to a supply chain compromise, stating that the malicious files were introduced through infected USB devices before being uploaded online.