Bitcoin stealer malware found in official printer drivers


Chinese printer manufacturer Procolored, based in Shenzhen, was found to have distributed official printer drivers infected with Bitcoin-stealing malware for at least six months.

This malware hijacked users’ clipboard contents to replace cryptocurrency wallet addresses with those controlled by attackers, resulting in the theft of approximately 9.3 BTC, worth over $950,000.

The infection was discovered when YouTuber Cameron Coward, while testing a Procolored UV printer, encountered antivirus alerts detecting a worm and a trojan (named Floxif) embedded in the drivers supplied on a USB drive.

Subsequent investigation by cybersecurity firm G Data confirmed the presence of two distinct malware strains in the drivers: a backdoor remote access trojan (Win32.Backdoor.XRedRAT.A) and a crypto-stealer that altered clipboard data to hijack Bitcoin transactions.

Procolored initially denied the claims, attributing antivirus detections to false positives, but later admitted that the malware was introduced via infected USB drives used during software uploads.
