- A Chinese printer manufacturer served malware alongside its software installers for half a year
- The malware included worms and cryptocurrency stealers
- Almost 10 BTC were stolen
Procolored, a large Chinese printer manufacturer, inadvertently served its customers worms, infostealers and cryptocurrency stealers for six months. This is according to cybersecurity researchers at G Data, who were tipped off to the supply chain attack by YouTube content creator Cameron Coward.
Coward apparently wanted to review one of Procolored's printers and, after trying to install the accompanying software from a USB stick, was alerted to the presence of the Floxif virus. He contacted the company, which dismissed the warning as a false positive. Dissatisfied with the answer, Coward turned to Reddit, where his thread was picked up by G Data researchers.
The team found six of the company's products infected with malware: F8, F13, F13 Pro, V6, V11 Pro and VF13 Pro. They also determined that the latest software update had been published in October 2024, which means the company had been serving malicious software for at least half a year before it was spotted.
Dozens of unique variants
In total, the researchers found 39 malware detections across 20 uniquely hashed executables. Among them were RATs, trojans, keyloggers and cryptocurrency stealers. One of the wallets belonging to the attackers received nearly 10 BTC, meaning the attackers collected nearly a million dollars with a single piece of malware.
It was also noted that part of the command and control (C2) infrastructure has been inactive since the beginning of 2024, while the BTC wallet has seen no activity since March of the same year. This could indicate that the threat actors have moved on to other things, which could mean the threat is not as pronounced today.
Procolored is a leader in the digital textile printing industry, according to Cyberinsider. The company's equipment is used in small-scale and creative manufacturing industries, the publication says, adding that the incident “sent ripples” through technology and creative communities.
As of May 8, all software has been removed from the Procolored website and an investigation has been launched. The company told G Data that its own systems were most likely compromised as well.
Via BleepingComputer