Major Security Breach Discovered in Procolored Printer Software: Cryptocurrency Theft Campaign Exposed

CyberSecureFox 🦊

A significant security breach has been uncovered in official Procolored printer software, with cybersecurity firm G Data revealing that the manufacturer inadvertently distributed malware-infected software capable of stealing cryptocurrency. The compromise, which remained undetected for at least six months, has potentially affected thousands of users worldwide.

Discovery and Scope of the Security Breach

The security threat came to light when technical blogger Cameron Coward’s antivirus software detected the Floxif USB worm during a routine installation of Procolored V11 Pro printer drivers. Subsequent investigation by G Data’s security team confirmed the presence of malicious code in software packages for multiple printer models, including the F8, F13, V6, and VF13 Pro series. This widespread infection vector suggests a sophisticated supply chain attack.

Technical Analysis of the Malware Components

G Data’s analysis revealed two primary malware variants embedded in the compromised software: the XRedRAT remote access trojan and the specialized SnipVex cryptocurrency stealer. The attackers’ cryptocurrency wallet, linked to the malware operation, has accumulated over 9.3 BTC (approximately $1 million USD), highlighting the campaign’s significant financial impact.

Security Response and Mitigation Steps

Following an initial denial, Procolored acknowledged the security incident on May 8, 2025, attributing the compromise to a potentially infected USB drive used for uploading software packages to its Mega.nz distribution platform. The company has launched an internal investigation and implemented enhanced security measures for its software distribution channels.

Immediate Actions for Affected Users

G Data security experts have verified the safety of Procolored’s latest software releases and recommend the following immediate actions:
– Update all Procolored printer software to the latest verified versions
– Perform comprehensive system scans using updated antivirus software
– Review cryptocurrency wallet transactions for unauthorized activities
– Monitor system behavior for unusual network connections or cryptocurrency-related processes

This security incident serves as a crucial reminder of supply chain vulnerabilities in trusted software distribution channels. Organizations must implement robust security measures, including code signing, integrity verification, and regular security audits of their software distribution infrastructure. The incident also emphasizes the growing sophistication of cryptocurrency-focused malware campaigns and the critical importance of maintaining updated security solutions, even when dealing with official software from established manufacturers.
