Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Procolored, a Shenzhen-based printer manufacturer, has been implicated in distributing Bitcoin-stealing malware alongside its official drivers. This revelation, reported by Chinese news outlet Landian News on May 19th, details a significant supply chain attack impacting users globally. The malware, delivered via USB drivers and subsequently uploaded to cloud storage, has reportedly stolen 9.3 BTC, valued at over $953,000.
The malware’s modus operandi, as described by crypto tracking firm Slow Mist, involves hijacking Bitcoin wallet addresses from a user’s clipboard and replacing them with the attacker’s address. This sophisticated technique allows for the seamless redirection of funds during transactions.
The issue was initially flagged by YouTuber Cameron Coward, whose antivirus software detected malicious code – a worm and a trojan named Foxif – within Procolored’s printer drivers. This prompted further investigation by cybersecurity firm G-Data, confirming the presence of two distinct malware strains: Win32.Backdoor.XRedRAT.A and a crypto stealer designed for clipboard manipulation.
G-Data’s analysis revealed that most of Procolored’s drivers, some dating back to October 2023, were hosted on MEGA. Procolored, after being contacted, claimed responsibility and stated that the infected drivers were removed from their storage on May 8th following a rescan of all files. They attributed the compromise to a supply chain attack, suggesting infected USB devices were the source of the malware’s introduction.
Landian News urges users who downloaded Procolored drivers within the past six months to conduct a thorough system scan using antivirus software. However, given the limitations of antivirus detection, a full system reinstall is recommended as a more effective preventative measure. While Procolored denies the accusations, citing a false positive, the evidence presented by multiple independent security firms strongly suggests the presence of malicious code within their officially distributed drivers. This incident underscores the critical importance of robust cybersecurity practices throughout the entire software distribution chain.