Source: Cointelegraph Original: “Report: Chinese Printer Manufacturers Spread Bitcoin (BTC) Stealing Malware”
Chinese printer manufacturer ColorStrong has distributed Bitcoin-stealing malware along with its official drivers, according to local media reports.
Chinese news outlet Blue Dot reported on May 19 that the Shenzhen printer company Color Strong Print has been distributing Bitcoin (BTC) stealing malware through its official drivers. According to the report, the company uses USB drives to distribute the malware-carrying drivers and has also uploaded this infected software to cloud storage platforms for users worldwide to download.
According to the report, a total of 9.3 bitcoins worth over $953,000 were stolen. The cryptocurrency asset tracking and compliance agency SlowMist described how the malware operates in a post on X on May 19:
“The official driver provided by this printer comes with a backdoor program. It hijacks the wallet addresses in the user’s clipboard and replaces them with the attacker’s address.”
Landian News advises users who have downloaded the Procolored printer driver in the past six months to “immediately perform a full system scan with antivirus software.” However, since the effectiveness of antivirus software varies, a complete system reset is always the more reliable option when in doubt:
“Ideally, you should reinstall the operating system and thoroughly check the original files.”
According to reports, the problem was first exposed by YouTuber Cameron Coward, whose antivirus software detected malicious code in the driver while he was testing a Procolored UV printer. The scanner flagged the driver as containing a worm and a Trojan horse named Foxif.
In response to inquiries, Procolored denied the allegations and dismissed the antivirus alerts as false positives. Coward then took the issue to Reddit to share it with cybersecurity professionals, where it drew the attention of the security company G-Data.
G-Data’s in-depth investigation found that most of Procolored’s drivers were hosted on the file-sharing service MEGA, with upload dates going back to October 2023. Analysis of these files confirmed that they were infected with two different pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a cryptocurrency stealer designed specifically to replace addresses in the user’s clipboard with attacker-controlled addresses.
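The clipboard-swapping behaviour described by SlowMist and G-Data above is what a defender can check for at paste time: the text the user copied should still be what the clipboard holds when it is pasted into a wallet or exchange form. The following is an added example, not code from the article, Procolored, SlowMist or G-Data; it works on a constructed clipboard history rather than the real system clipboard, recognises legacy base58 addresses by validating their base58check checksum, and recognises bech32 addresses by format only (the bech32 checksum is not verified here). The sample addresses are the well-known genesis-block address and the example address from the Bitcoin wiki, used purely as test data.

```python
"""Paste-time check for clipboard-swapping ("clipper") malware.

Added example, not from the article or any company it names. Clipboard
events are supplied as constructed (copied, pasted) pairs instead of
reading the OS clipboard, so the script runs offline.
"""
import hashlib
import re

BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Legacy P2PKH ("1...") and P2SH ("3...") addresses: base58, 26-35 chars.
LEGACY_RE = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")
# Native segwit ("bc1...") addresses, lowercase bech32 charset; format only,
# the bech32 checksum is deliberately not implemented in this example.
BECH32_RE = re.compile(r"^bc1[ac-hj-np-z02-9]{8,87}$")


def base58check_ok(addr: str) -> bool:
    """Return True if addr is a well-formed base58check mainnet address
    (1 version byte + 20-byte hash + 4-byte double-SHA256 checksum)."""
    n = 0
    for ch in addr:
        idx = BASE58_ALPHABET.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    try:
        raw = n.to_bytes(25, "big")
    except OverflowError:
        return False
    # Each leading '1' in base58 encodes one leading zero byte.
    leading_ones = len(addr) - len(addr.lstrip("1"))
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    if leading_ones != leading_zeros:
        return False
    payload, checksum = raw[:21], raw[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def looks_like_btc_address(text: str) -> bool:
    """True for a checksum-valid legacy address or a bech32-shaped address."""
    text = text.strip()
    if LEGACY_RE.match(text):
        return base58check_ok(text)
    return BECH32_RE.match(text) is not None


def check_paste(copied: str, clipboard_now: str) -> dict:
    """Compare what the user copied with what the clipboard holds at paste.

    Returns a dict with 'status' of:
      'not_address' - neither value is a Bitcoin address, nothing to check
      'ok'          - the copied address is still in the clipboard
      'swapped'     - a different address replaced the copied one (clipper
                      behaviour: the payment would go to the wrong party)
    """
    copied, clipboard_now = copied.strip(), clipboard_now.strip()
    copied_is_addr = looks_like_btc_address(copied)
    now_is_addr = looks_like_btc_address(clipboard_now)
    if not copied_is_addr and not now_is_addr:
        return {"status": "not_address"}
    if copied == clipboard_now:
        return {"status": "ok", "address": copied}
    return {"status": "swapped", "expected": copied, "found": clipboard_now}


def audit_clipboard_log(events) -> list:
    """Run check_paste over a sequence of (copied, pasted) pairs and return
    the indexes of events where an address was replaced."""
    return [i for i, (c, p) in enumerate(events)
            if check_paste(c, p)["status"] == "swapped"]


if __name__ == "__main__":
    # Constructed sample history: the second event simulates a swap.
    GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"   # genesis-block address
    WIKI = "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM"      # Bitcoin wiki example
    history = [(GENESIS, GENESIS), (GENESIS, WIKI), ("invoice #42", "invoice #42")]
    for i in audit_clipboard_log(history):
        print(f"event {i}: address replaced -> {check_paste(*history[i])}")
```

A real deployment would hook the copy and paste events of the host (or, more practically, show the user the address that is actually about to be sent and ask them to confirm the first and last characters against the intended one); the value of the check is that a clipper only wins if the substitution goes unnoticed between copy and paste.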
G-Data contacted Procolored, and the hardware manufacturer stated that it had removed the infected drivers from its storage on May 8 and rescanned all files. Procolored attributed the incident to a supply chain breach, claiming that the malicious files were introduced into its systems via infected USB devices and subsequently uploaded to the network.