- A Chinese printer manufacturer served malware alongside its printer software for half a year
- The malware included backdoors and cryptocurrency stealers
- Almost 10 BTC were stolen
Procolored, a major Chinese printer manufacturer, had been unknowingly infecting its customers with backdoors, infostealers and cryptocurrency stealers for six months. This is according to cybersecurity researchers at G DATA, who were alerted to the attack by a YouTube content creator, Cameron Coward.
Coward apparently wanted to review one of Procolored's printers and, after trying to install the accompanying software from a USB stick, was alerted to the presence of the Floxif worm. He contacted the company, which dismissed the warning as a false positive. Unsatisfied with the answer, Coward turned to Reddit, where G DATA researchers picked up his thread.
The team found six of the company's product lines infected with malware: F8, F13, F13 Pro, V6, V11 Pro and VF13 Pro. They also determined that the last software update was carried out in October 2024, which means the company had been distributing malware for at least half a year before it was noticed.
Dozens of unique variants
In total, the researchers found 39 malware detections across 20 unique executable hashes. These included RATs, Trojans, clipboard hijackers and cryptocurrency stealers. One of the wallets believed to belong to the attackers received almost 10 BTC, meaning the attackers made almost a million dollars with a single piece of malware.
It was also reported that part of the command and control (C2) infrastructure has been inactive since the beginning of 2024, while the BTC wallet has not been active since March of the same year. This could indicate that the threat actors have moved on to other things, which would mean the threat is less pronounced today.
Procolored is a leader in the digital textile printing industry, according to Cyber Insider. The company's hardware is used in small-scale manufacturing industries, the publication says, adding that the news "sent waves" through the technology and maker communities.
As of May 8, all of the software had been removed from the Procolored website, and an investigation was launched. The company told G DATA that its own systems were probably compromised as well.
Via BleepingComputer