
Printer maker Procolored supplied malware-laced drivers for months


For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer.

Procolored is a digital printing solutions provider making Direct-to-Film (DTF), UV DTF, UV, and Direct-to-Garment (DTG) printers. It is particularly known for affordable and efficient fabric printing solutions.

The Shenzhen-based company has grown quickly since it started in 2018, and is now selling its products in over 31 countries, with a significant operational presence in the United States.

Cameron Coward, a YouTuber known as Serial Hobbyism, discovered the malware when his security solution warned of the presence of the Floxif USB worm on his computer while he was installing the companion software and drivers for a $7,000 Procolored UV printer.

According to an analysis conducted by researchers at cybersecurity company G Data, Procolored's official software packages delivered the malware for at least six months.

Discovering RATs and coin stealers

After getting the threat alerts on his machine, Coward contacted Procolored, who denied shipping malware in their software and attributed the alerts to false positives from the security solution.

“If I try to download the files from their website or unzip the files on the USB drive they gave me, my computer immediately quarantines them,” the YouTuber said.

Perplexed by the situation, the YouTuber turned to Reddit for help with malware analysis before he could confidently make allegations in his review of the Procolored V11 Pro product.

G Data researcher Karsten Hahn offered to investigate, and found that the accompanying software for at least six printer models (F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro), hosted on the Mega file sharing platform, contained malware.

Procolored uses the Mega service to host the software resources for its printers, and provides a direct link to them from the support section of its official website.

Files hosted on Mega.nz
Source: G Data

The analyst found 39 files infected with:

  • XRedRAT – Known malware previously analyzed by eSentire. Its capabilities include keylogging, screenshot capturing, remote shell access, and file manipulation. Hardcoded C2 URLs matched older samples.
  • SnipVex – A previously undocumented clipper malware that infects .EXE files, attaches itself to them, and replaces Bitcoin addresses found in the clipboard with the attacker's address. Detected in multiple download files. It likely infected Procolored developer systems or build machines.

Since the files were last updated in October 2024, it can be assumed that the malware was shipped with Procolored software for at least six months.

SnipVex infection routine
Source: G Data

Hahn says the address SnipVex uses to receive the stolen cryptocurrency has received about 9.308 BTC, which is worth nearly $1 million at today's exchange rate.

Despite Procolored's initial denial, the software packages were taken down on May 8 and an internal investigation was launched.

When G Data asked the printer vendor for an explanation, Procolored admitted that they had uploaded the files to Mega.nz using a USB drive that could have been infected by Floxif.

“As a precaution, all software has been temporarily removed from the Procolored official website,” Procolored explained to G Data.

“We are conducting a comprehensive malware scan of every file. Only after passing stringent virus and security checks will the software be re-uploaded.”

G Data received the cleaned software packages and confirmed they are safe to use.

Procolored customers are advised to replace the old software with the new versions and to perform a system scan to remove XRedRAT and SnipVex.

Given that SnipVex modifies existing executables rather than just dropping new files, a deeper cleaning of the system is recommended to ensure all binaries are clean: a scan that only removes the original downloads can leave infected copies of other .EXE files behind.
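The following is an added triage example, not code from the article or from G Data's analysis. The article does not describe SnipVex's infection routine in detail, so the script uses the generic heuristic for appended-payload file infectors: parse the PE headers, find where the last section's raw data ends, and report any bytes beyond that point (the overlay) that are not accounted for by an Authenticode certificate table. The `build_minimal_pe` fixture, the sample bytes, and the file extensions scanned are constructed for this example.

```python
import os
import struct

# Offsets and sizes from the PE/COFF file format.
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECTION_HEADER_SIZE = 40
CERT_TABLE_INDEX = 4          # IMAGE_DIRECTORY_ENTRY_SECURITY


def pe_overlay_info(data: bytes) -> dict:
    """Parse a PE image held in memory and measure data beyond the last section.

    Returns sections_end (file offset where the last section's raw data ends),
    overlay (bytes after that point) and unexplained (overlay minus the size of
    the Authenticode certificate table, which legitimately lives in the overlay).
    Raises ValueError for anything that is not a PE file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsect, _ts, _symptr, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == PE32_MAGIC else 112)   # start of data directories
    cert_off = cert_size = 0
    if opt_size >= (dirs - opt) + (CERT_TABLE_INDEX + 1) * 8:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + CERT_TABLE_INDEX * 8)
    sect = opt + opt_size
    end = sect + nsect * SECTION_HEADER_SIZE          # headers at minimum
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each section header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect + i * SECTION_HEADER_SIZE + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    overlay = len(data) - end
    unexplained = overlay
    if cert_size and cert_off >= end:
        unexplained -= cert_size
    return {"sections_end": end, "overlay": overlay, "unexplained": unexplained}


def is_suspicious(data: bytes, min_overlay: int = 1) -> bool:
    """True when a PE carries overlay bytes not accounted for by a signature.
    Installers (NSIS, self-extracting archives) also keep data in the overlay,
    so treat hits as triage leads to hash and compare against a clean copy."""
    return pe_overlay_info(data)["unexplained"] >= min_overlay


def scan_tree(root: str, exts=(".exe", ".dll")) -> list:
    """Walk a directory tree and return (path, unexplained_overlay_bytes) for flagged PEs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    info = pe_overlay_info(fh.read())
            except (OSError, ValueError, struct.error):
                continue                              # unreadable or not a PE
            if info["unexplained"] > 0:
                hits.append((path, info["unexplained"]))
    return hits


def build_minimal_pe(section_bytes: bytes, appended: bytes = b"") -> bytes:
    """Constructed test fixture (not a real program): a minimal PE32 with one
    section at file offset 0x200, plus optional bytes appended the way an
    appending file infector would leave them."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)     # i386, 1 section
    opt = struct.pack("<H", PE32_MAGIC) + b"\0" * (224 - 2)           # all directories empty
    raw_ptr = 0x200
    sec = b".text\0\0\0" + struct.pack("<IIII", len(section_bytes), 0x1000,
                                        len(section_bytes), raw_ptr) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(raw_ptr, b"\0")
    return headers + section_bytes + appended


if __name__ == "__main__":
    clean = build_minimal_pe(b"\x90" * 100)
    infected = build_minimal_pe(b"\x90" * 100, b"<appended payload>" * 4)
    print("clean:", pe_overlay_info(clean), is_suspicious(clean))
    print("infected:", pe_overlay_info(infected), is_suspicious(infected))
```

On a real machine, `scan_tree` is pointed at the directories where the vendor software and any tools built on the same machine were installed; every hit should then be hashed and compared with a freshly downloaded, verified copy, because signed installers and self-extracting archives carry legitimate overlay data and will show up as well.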

BleepingComputer has contacted Procolored for a comment on the situation and to ask whether they informed their customers of the risk, but we have yet to receive a response.
