Urgent Warning: Bitcoin Stealer Malware Found in Official Printer Drivers

A disturbing discovery has unsettled the crypto community and beyond: a Bitcoin stealer was reportedly distributed alongside official printer drivers from Chinese manufacturer Procolored. This is not a random infection picked up from a shady download site; it is a supply chain attack that used a trusted vendor's own software to reach unsuspecting users and their cryptocurrency holdings. The reported outcome: over $950,000 in stolen Bitcoin.

What Happened with Procolored Drivers?

According to reports from Chinese media outlet Landian News on May 19, Shenzhen-based Procolored distributed malicious software alongside its legitimate printer drivers. The compromised drivers were allegedly spread via USB devices shipped with the printers and also uploaded to cloud storage for download worldwide. This is a classic supply chain attack: the malicious code rides into the victim's machine inside a legitimate software or hardware distribution channel, and the user has every reason to trust it.

  • Malware distributed through official Procolored printer drivers.
  • Distribution methods included infected USB drives and cloud storage downloads.
  • Attack vector: Injecting malware into trusted software channels.

How Does This Crypto Malware Work?

The specific mechanism of this crypto malware is particularly insidious. As explained by blockchain security firm SlowMist, the malicious program operates as a clipboard hijacker (a "clipper"). When a user copies a cryptocurrency wallet address (such as a Bitcoin address) to the clipboard, the malware recognises the address pattern, intercepts it and replaces it with an address controlled by the attacker. If the user then pastes the address into a wallet and sends funds without comparing it character by character against the intended recipient, the Bitcoin goes straight to the hacker's wallet. Because Bitcoin transactions are irreversible, there is no way to claw the funds back afterwards.

This type of attack is difficult to spot without careful vigilance: the replacement happens instantly in the background, and the swapped-in address is itself a perfectly valid Bitcoin address, so a wallet's format or checksum check will not flag it. Only a full comparison of the pasted address against the one the recipient actually gave you catches the swap.
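To make the mechanism concrete, here is an added example that is not code from the article, from SlowMist or from Procolored. It models the clipper's substitution step (a regex over clipboard text), the Base58Check decoding a wallet uses to validate an address, and the user-side comparison that is the real defence. The intended recipient is the well-known Bitcoin genesis block address; the attacker address is a hypothetical one built here from an all-zero hash160, chosen only so that it decodes as a valid address.

```python
import hashlib
import re

# Added example: models a clipboard hijacker and the defensive check against it.
# Not code from the article or from any firm it cites.

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Legacy base58 (1.../3...) and bech32 (bc1...) mainnet address shapes; a clipper
# needs nothing more precise than this to decide what to swap.
ADDRESS_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,87}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")


def base58check_encode(payload: bytes) -> str:
    """Base58Check: payload || first 4 bytes of sha256d(payload), base58 encoded."""
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes become '1's
    return "1" * pad + out


def base58check_decode(addr: str):
    """Return version||hash160 (21 bytes) if the checksum verifies, else None."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + body
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def hijack_clipboard(text: str, attacker_addr: str) -> str:
    """What the clipper does on each clipboard update: swap every address-looking token."""
    return ADDRESS_RE.sub(attacker_addr, text)


def check_paste(intended: str, pasted: str) -> str:
    """The user-side check. Compares the whole string; first/last characters are not enough."""
    if pasted == intended:
        return "ok"
    if pasted[:4] == intended[:4] and pasted[-4:] == intended[-4:]:
        return "lookalike-substitution"
    return "substitution"


# Constructed sample input: genesis block address as the intended recipient,
# hypothetical attacker address from an all-zero hash160 (valid checksum).
INTENDED = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ATTACKER = base58check_encode(b"\x00" + bytes(20))

if __name__ == "__main__":
    clip = hijack_clipboard("pay 0.1 BTC to " + INTENDED, ATTACKER)
    print("clipboard after hijack:", clip)
    print("check_paste:", check_paste(INTENDED, clip.split()[-1]))
    print("attacker address passes checksum:", base58check_decode(ATTACKER) is not None)
```

The point of `base58check_decode` is what it does not do: the attacker's address passes the same checksum the wallet applies to the genuine one, so validation only catches typos, never a substitution. `check_paste` also separates a plain swap from a lookalike swap, because eyeballing the first and last few characters, which is how most people "verify" an address, is exactly the check a clipper that picks a matching-prefix address defeats.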

The Impact: Stolen Bitcoin and User Risk

The consequences of this attack are significant. Reports indicate that approximately 9.3 BTC, valued at over $953,000 at the time of the report, had been stolen through this scheme. It shows the financial damage a seemingly innocuous software download can do once the distribution channel is compromised.

The issue was reportedly brought to light by YouTuber Cameron Coward, whose antivirus flagged malware while he was testing a Procolored printer and its drivers. Procolored initially dismissed the detections as false positives. Cybersecurity firm G-Data then investigated and confirmed two distinct pieces of malware in driver packages hosted on services such as MEGA, some of them dating back to October 2023, meaning the infected downloads had been available for well over a year before anyone acted on the warning.

  • Confirmed malware types: a backdoor (detected as Win32.Backdoor.XRedRAT.A) and a separate crypto-stealer.
  • Stolen funds: an estimated 9.3 BTC (over $953,000).
  • Discovery: first flagged by a user's antivirus, then confirmed by cybersecurity researchers.

Procolored’s Response and User Recommendations

Procolored has since stated that it deleted the infected drivers on May 8 and rescanned its files. The company attributed the malware to infected USB devices used internally before the drivers were uploaded online. If that account is accurate, the compromise happened inside the company's own packaging process, before the drivers were ever published, rather than at the download host.

For users who have downloaded Procolored printer drivers in the last six months, Landian News recommends immediate action:

  • Perform a full system scan using reputable antivirus software.
  • Consider a full system reset and operating system reinstallation for maximum security, especially if cryptocurrency activities are performed on the affected computer. Because one of the confirmed components is a backdoor, an attacker may have had remote access to anything stored on the machine, so wallet files, seed phrases and saved credentials that lived on it should be treated as exposed and funds moved to a wallet whose keys never touched that system.
  • Thoroughly check old files before transferring them back after a reset.
  • Always double-check cryptocurrency wallet addresses before sending transactions, regardless of whether you believe your system is clean.

This incident serves as a stark reminder that even official software from seemingly legitimate sources can be compromised, posing a direct threat to digital assets.

Summary: The Hidden Threat of Printer Malware

The discovery of a Bitcoin stealer distributed via official Procolored printer drivers underscores how cyber threats against the crypto space keep evolving. This printer malware, delivered through a supply chain attack, stole a significant amount of Bitcoin simply by hijacking the clipboard. It highlights the need for vigilance when installing *any* software, even from official channels, and reinforces basic practices: verify the full wallet address before every transaction and keep reputable antivirus tools running. As the digital landscape becomes more interconnected, protecting against hidden threats like this crypto malware is paramount for anyone holding digital assets.
