Facepalm: Procolored builds high-end direct-to-film printers used for customizing t-shirts and other merchandise. Recently, its official software delivered dangerous malware to customers’ systems, exposing serious security flaws in what should be trusted professional-level equipment.
Buying computer peripherals like printers should be a relatively safe experience. However, tech hobbyist Cameron Coward recently found that some ultra-high-end printers costing thousands of dollars were infecting PCs with malicious software. He uncovered the security threat while installing management software for a $6,000 Procolored printer. The software came on a USB flash drive included with the device, but his antivirus flagged it as carrying a USB-spreading worm called Floxif.
Coward contacted Procolored, but the company claimed the antivirus alert was a false positive. Unconvinced, he turned to Reddit for help. A malware analyst from G Data examined the software and uncovered several serious threats hidden in the package.
Karsten Hahn examined the software packages hosted by the printer manufacturer on the cloud storage service Mega. Although he found no trace of the Floxif file infector, he identified two separate threats across 39 files: a backdoor called XRedRAT and a cryptocurrency stealer designed to deploy a previously unknown file infector he dubbed “SnipVex.”
Hahn traced both malware samples to command-and-control servers that had already gone offline. Coward offered a copy of the Floxif malware, but the G Data analyst declined, saying he already had enough samples.
“An infection with a virus like Floxif is among the most severe, damaging system files beyond proper repair,” Hahn warned.
Hahn contacted Procolored and received more detailed responses than Coward’s initial interaction. The company speculated that the malware might have infected the USB drive during the software transfer. They also noted that the PrintEXP package is Chinese by default, which might cause some international operating systems to flag it as potentially dangerous.
Procolored subsequently decided to temporarily halt official printer software releases to thoroughly check the packages for security issues before re-uploading them. Hahn confirmed the new packages are clean but warned that the safest mitigation for infections as dangerous as this is to reformat all drives and reinstall the operating system.