Cryptostealing Malware Found in Printer Software Highlights Growing Supply Chain Threat


Cybersecurity Incident Unveils Risks in Printer Hardware

A recent cybersecurity incident has illuminated the unexpected vulnerabilities associated with everyday hardware, particularly printers. Users of Procolored printers may have inadvertently downloaded malware capable of pilfering cryptocurrencies like Bitcoin (BTC), highlighting the escalating dangers posed by software supply chain attacks.

The alarming discovery came to light when tech content creator Cameron Coward reported receiving an antivirus alert linked to Procolored printer software. Following this, cybersecurity researchers from G Data conducted an investigation and uncovered multiple forms of malicious code embedded within installation files available on the manufacturer’s website.

Among the identified threats were:

  • Win32.Backdoor.XRedRAT.A: A remote access tool that facilitates system compromise.
  • MSIL.Trojan-Stealer.CoinStealer.H: A variant specifically designed to extract cryptocurrency wallet information or modify wallet addresses stored in the clipboard, redirecting funds to attackers.

According to reports from Cybernews, these compromised files were last updated in October 2024 and distributed through official channels, potentially affecting users who trusted these downloads as legitimate. Despite initial denials from the company, which suggested that antivirus programs were flagging false positives, the software downloads were quietly removed from the Procolored website around May 8, 2025. The company later acknowledged that the malware might have been introduced during file transfers via USB, committing to reinstating the downloads only after they undergo thorough security scans.

Analysis of one of the attackers’ known wallet addresses revealed a staggering accumulation of 9.3 BTC—approximately 5,000—across 330 transactions before the wallet was emptied. This incident underscores a troubling trend where attackers exploit user trust in device software, a growing vector in hardware-based cyberattacks.

In light of these developments, cybersecurity experts are advising users of affected Procolored products to conduct comprehensive antivirus scans and scrutinize any security exceptions made for printer-related files. For those facing deeper infections, the most reliable course of action is to reformat all drives and reinstall the operating system to ensure a clean slate.
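The exclusion review advised above can be scripted. This is an added example, not code from the article or from G Data. It assumes Microsoft Defender is the antivirus in use and that the keywords in `$Keywords` (an assumption) match the names of your printer software folders.

```powershell
# Added example: list Microsoft Defender exclusions that look printer-related and
# inventory the executables they shield from scanning.
# Run in an elevated PowerShell session; without elevation the exclusion lists are hidden.
# $Keywords is an assumption: extend it with the folder names your printer software uses.
$Keywords = 'Procolored', 'printer'
$pattern  = ($Keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

$pref = Get-MpPreference
$exclusions = foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($value in @($pref.$kind)) {
        if ($value) { [pscustomobject]@{ Kind = $kind; Value = $value } }
    }
}

$suspect = @($exclusions | Where-Object { $_.Value -match $pattern })
if ($suspect.Count -eq 0) {
    Write-Output 'No Defender exclusions match the keywords.'
}

foreach ($item in $suspect) {
    Write-Output ('[{0}] {1}' -f $item.Kind, $item.Value)

    # Extension exclusions and entries that do not resolve to a file or folder
    # (wildcards, bare process names) are only listed for manual review.
    if ($item.Kind -eq 'ExclusionExtension') { continue }
    if (-not (Test-Path -LiteralPath $item.Value)) { continue }

    # Everything under an excluded path has never been scanned: record a hash and
    # the signature status of each binary so it can be checked before it is trusted.
    Get-ChildItem -LiteralPath $item.Value -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.FullName
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
}

# After review, drop an exclusion and rescan the path it covered, for example:
#   Remove-MpPreference -ExclusionPath '<path from the list above>'
#   Start-MpScan -ScanType CustomScan -ScanPath '<path from the list above>'
```

An unsigned or invalidly signed binary under an excluded path is not proof of infection, but it is the first place to point a scan once the exclusion is removed.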

This incident serves as a stark reminder that malware can infiltrate systems not only through phishing emails or dubious applications but also through devices we typically consider secure, potentially leading to significant financial repercussions.

Tech Optimizer