
Bitcoin Thief Discovered In Chinese Printer

Tue 20 May 2025 ▪ 4 min read ▪ by Walter B.

The Chinese printer manufacturer Procolored supposedly distributed drivers contaminated with malware that steals Bitcoin. The case was reported this week by the Chinese press, which indicates that 9.3 BTC were stolen. The manufacturer has stated that it deleted the infected drivers, but they had already been made available for global download. The issue is said to have been discovered thanks to the persistence of a YouTuber.


In Brief

  • Printer manufacturer Procolored distributed an official driver with malware that steals Bitcoin, according to a report.
  • Almost $1 million in Bitcoin was stolen, monitoring indicates.
  • Company says it resolved the problem, supposedly discovered by a YouTuber.

Manufacturer Distributes Drivers with Bitcoin-Stealing Virus

Owners of a printer model from the Chinese manufacturer Procolored supposedly received an unwanted gift: malware that steals Bitcoin, according to a report from the Chinese news site Landian News.

According to the publication, the company allegedly used a USB flash drive to upload the virus-compromised software to a cloud storage service for global download. The malware involved was a worm and a trojan called Foxif.

This episode also adds to a Binance study that exposes critical vulnerabilities in crypto security.

9.3 BTC Stolen

According to MistTrack, the malware diverted 9.3 BTC, just under $1 million at the time of writing. The bitcoins were sent to the wallet involved in the attack because, according to the monitoring company, “the official driver provided by this printer loads a backdoor program. It hijacks the wallet address in the user’s clipboard and replaces it with the attacker’s address.”

The malware acts when the user copies a wallet address: the virus modifies the copied address before the funds are sent, so the transfer ends up being made to the wallet involved in the attack.
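
The clipboard swap described above leaves a recognizable trace in a log of clipboard writes. The following is an added example, not code from MistTrack, G-Data or this article: it flags a Bitcoin address that is replaced by a different address, written by a different process, within a short window. The event schema, process names and addresses are constructed assumptions.

```python
import re

# Shape check only (no checksum): legacy Base58 (1.../3...) and Bech32 (bc1...).
BTC_ADDR = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"
)

def is_btc_address(text):
    return bool(BTC_ADDR.match(text.strip()))

def find_address_swaps(events, max_gap=2.0):
    """Flag clipboard writes where one Bitcoin address is replaced by a
    different one, by a different process, within max_gap seconds.

    events: time-ordered dicts with 'ts' (seconds), 'owner' (process that
    wrote the clipboard) and 'text'. This schema is an assumption about
    what a clipboard monitor would record.
    """
    findings = []
    prev = None  # last clipboard write that held an address
    for ev in events:
        if not is_btc_address(ev["text"]):
            prev = None  # clipboard no longer holds an address
            continue
        cur = dict(ev, text=ev["text"].strip())
        if (prev and cur["text"] != prev["text"]
                and cur["owner"] != prev["owner"]
                and cur["ts"] - prev["ts"] <= max_gap):
            findings.append({"copied": prev["text"],
                             "replaced_with": cur["text"],
                             "by": cur["owner"],
                             "after_s": round(cur["ts"] - prev["ts"], 3)})
        prev = cur
    return findings

# Constructed sample data: addresses and process names are made up.
VICTIM = "1VictimAddr" + "X" * 23
OTHER = "bc1q" + "x" * 38
SWAPPED = "1SwappedAddr" + "Y" * 21
SAMPLE_EVENTS = [
    {"ts": 10.0, "owner": "browser.exe", "text": VICTIM},
    {"ts": 10.3, "owner": "helper.exe", "text": SWAPPED},  # silent replacement
    {"ts": 55.0, "owner": "browser.exe", "text": "meeting notes"},
    {"ts": 60.0, "owner": "browser.exe", "text": OTHER},
    {"ts": 95.0, "owner": "browser.exe", "text": VICTIM},  # ordinary later copy
]

if __name__ == "__main__":
    for hit in find_address_swaps(SAMPLE_EVENTS):
        print(hit)
```

Only the write at 10.3 s is flagged; the later copies come from the same process, so they are treated as ordinary user activity.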

Company Speaks Out After YouTuber Discovery

According to the report, Tiansheng Printer acknowledged the infection, stated that it deleted the infected drivers, and checked all files on May 8.

However, the manufacturer’s acknowledgment reportedly came after the insistence of YouTuber Cameron Coward, who is said to have discovered the malware. It started when he installed the software of a Procolored UV printer and was alerted by an antivirus.

Coward reported that he notified Tiansheng, which reportedly blamed his antivirus. Dissatisfied, the YouTuber said he sought help on a Reddit forum and ended up attracting the attention of security company G-Data.

G-Data’s analysis revealed that the drivers were contaminated with a backdoor called Win32.Backdoor.XRedRAT.A and a .NET-based cryptocurrency stealer designed to swap addresses in the clipboard.

The security company advised users to carefully check and scan their systems and, if possible, to reinstall the printer driver, which must be obtained by direct contact with Tiansheng technical support.

In the United States, Coinbase faces a wave of lawsuits after revelations compromised the cryptocurrency exchange, involving the hack on May 16.
