GData Software researchers discovered viruses in the drivers that came with Procolored printers. Sold in France, notably on Amazon, these printers are mainly used by small businesses, design studios, and textile printing professionals. Based in Shenzhen, China, the firm sells its printers in more than 31 countries.
In a recently published report, the researchers indicated that they detected the presence of malware after being alerted by Cameron Coward, a videographer who tested one of the Chinese brand's printers. He noticed that the driver for his printer triggered an antivirus alert once installed.
Initially, Cameron Coward called Procolored to account. The company denied the presence of a virus, insisting that these were simply false positives. Alerted by Coward, GData Software conducted extensive analyses of printer drivers. The researchers studied the files hosted on Mega by the Chinese firm.
At least 6 printers are affected
GData's analyses led to the discovery of malware in the driver code of at least six printer models, namely the F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro. Experts estimate that the viruses have been distributed through Procolored drivers for at least six months. A total of 39 files were infected.
Among the viruses identified by GData is XRedRAT, a remote access Trojan that provides full control of a computer, monitors everything typed, and steals user passwords. Analysis also uncovered a virus called SnipVex, designed to steal victims' cryptocurrencies. This virus is designed to intercept data copied to the clipboard, particularly cryptocurrency wallet addresses, and replace them with an address controlled by the attacker, in order to divert funds. According to researchers, the address used by SnipVex has already received more than 9 bitcoins, or nearly $1 million.
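The clipboard-swap behaviour attributed to SnipVex above is easy to spot once you know what to look for: the clipboard briefly holds the address the user copied, then a different, equally valid address appears a fraction of a second later. The following added example (not code from G DATA, Procolored or the article) implements that heuristic as a defender-side check. It validates legacy Bitcoin addresses with a real Base58Check decode (double SHA-256 checksum) and flags any transition between two different valid addresses within a short window. The polling trace, the window length and the alert format are constructed for illustration; bech32 (`bc1...`) addresses are deliberately out of scope.

```python
"""Heuristic detector for clipboard "clipper" malware (constructed example)."""
import hashlib
import re
from typing import List, Optional, Tuple

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Shape of a legacy (P2PKH/P2SH) Bitcoin address; bech32 is not handled here.
_LEGACY_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def base58check_valid(addr: str) -> bool:
    """Decode Base58Check and verify the 4-byte double-SHA256 checksum."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # Each leading '1' encodes one 0x00 byte that the integer form loses.
    pad = len(addr) - len(addr.lstrip("1"))
    data = b"\x00" * pad + body
    if len(data) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    payload, checksum = data[:21], data[21:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum


def extract_btc_address(text: str) -> Optional[str]:
    """Return the first checksum-valid legacy Bitcoin address found in text."""
    for m in _LEGACY_RE.finditer(text):
        if base58check_valid(m.group(0)):
            return m.group(0)
    return None


def detect_swaps(snapshots: List[Tuple[float, str]], window_s: float = 2.0) -> List[dict]:
    """Flag transitions from valid address A to a different valid address B
    that happen within window_s seconds. A clipper rewrites the clipboard
    immediately after the user copies, so the swap shows up as two distinct
    valid addresses back to back; a human rarely copies two addresses that fast.
    snapshots: (seconds, clipboard text) pairs from a polling loop."""
    alerts = []
    prev_t, prev_addr = None, None
    for t, content in snapshots:
        addr = extract_btc_address(content)
        if addr and prev_addr and addr != prev_addr and (t - prev_t) <= window_s:
            alerts.append({"time": t, "original": prev_addr, "replaced_with": addr})
        if addr:
            prev_t, prev_addr = t, addr
    return alerts


# Constructed polling trace: the user copies a vendor's address (the well-known
# Bitcoin genesis address) and 300 ms later the clipboard holds a different
# valid address (the all-zero-hash "burn" address, standing in for an attacker's).
SAMPLE_CLIPBOARD = [
    (0.0, "invoice #4521 due friday"),
    (10.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    (10.3, "1111111111111111111114oLvT2"),
    (45.0, "meeting notes"),
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_CLIPBOARD):
        print(f"[{alert['time']:.1f}s] clipboard address replaced: "
              f"{alert['original']} -> {alert['replaced_with']}")
```

In a real monitor the snapshot list would come from an OS clipboard-change notification or a short polling loop, and an alert would be a prompt to compare the pasted address with the one shown by the counterparty before sending. The checksum test matters: a clipper substitutes a real, spendable address, so a regex alone cannot separate the swap from ordinary text, while the timing window keeps legitimate copy-paste of two addresses minutes apart from triggering.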
An investigation is underway
With its back to the wall, Procolored finally removed all drivers and opened an internal investigation. As a precaution, "all software has been temporarily removed from the official Procolored website." We "conduct a full malware scan of each file, and only after passing strict virus and security checks will the software be re-uploaded," emphasizes the Chinese group. Once "all software has been thoroughly reviewed and confirmed, we will update the website and inform customers through our official channels to download the latest version."
At this point, it is unknown how the company's official software could have been infected. Procolored states that the "software available on our website was first transferred using USB sticks", and that "it is possible that a virus was introduced at that time." An employee could have taken advantage of the opportunity to try to make money.
Source: G Data