Cameron Coward, a YouTuber known as Serial Hobbyism, discovered the malware when his security solution warned of the presence of the Floxif USB worm on his computer when installing the companion software and drivers for a $7,000 Procolored UV printer. G Data researcher Karsten Hahn offered to investigate, finding that at least six printer models (F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro) with accompanying software hosted on the Mega file sharing platform that included contained malware. For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. After getting the threat alerts on his machine, Coward contacted Procolored, who denied shipping malware in their software, pointing to the security solution generating false positives. An analysis conducted by researchers at cybersecurity company G Data, Procolored’s official software packages delivered the malware for at least six months. Procolored uses the Mega service to host the software resources for its printers, and offers a direct link to them from the support section of the official website. Since the files were last updated in October 2024, it can be assumed that the malware was shipped with Procolored software for at least six months. “As a precaution, all software has been temporarily removed from the Procolored official website,” explained Procolored to G Data. When G Data asked the printer vendor for an explanation, Procolored admitted that they had uploaded the files to Mega.nz using a USB drive that could have been infected by Floxif. Procolored customers are recommended to replace the old software with the new versions and to perform a system scan to remove XRedRAT and SnipVex. Perplexed by the situation, the YouTuber turned to Reddit for help with malware analysis before he could confidently make allegations in his review of the Procolored V11 Pro product. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 16 May 2025 15:00:08 +0000