A Chinese printer manufacturer allowed one of its printer drivers to get infected with Bitcoin-stealing malware, resulting in the theft of $950,000 before the driver was updated.
The malicious code contained a crypto-stealer that monitored users' clipboards for Bitcoin wallet addresses, as reported by Atlas21. When users copied and pasted a wallet address to send Bitcoin, the malware silently replaced it with the attackers' address instead.
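The swap described above works because a pasted address looks just as plausible as the copied one. The following is an added example, not code from the article or from any of the parties it names: a paste guard that validates both the string the user copied and the string the clipboard now holds as Bitcoin addresses (base58check with the double-SHA256 checksum for legacy addresses, the BIP173/BIP350 checksum for bc1 addresses), and reports a swap when both are well-formed but differ. The two sample addresses are the public genesis-block address and the BIP173 example address, used here only as constructed victim/attacker stand-ins.

```python
"""Clipboard-hijack paste guard for Bitcoin addresses (added example).

Models the attack the article describes: the user copies address A, the
malware rewrites the clipboard to attacker address B, and the user pastes B.
"""
import hashlib
from typing import Optional

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def base58check_payload(addr: str) -> Optional[bytes]:
    """Decode a legacy (P2PKH '1...' / P2SH '3...') address; return the
    21-byte version+hash160 payload, or None if the length is wrong or the
    double-SHA256 checksum does not match."""
    num = 0
    for ch in addr:
        idx = BASE58.find(ch)
        if idx < 0:
            return None
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big") if num else b""
    leading = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a 0x00 byte
    raw = b"\x00" * leading + body
    if len(raw) != 25:
        return None
    payload, checksum = raw[:21], raw[21:]
    if hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] != checksum:
        return None
    return payload


def _bech32_polymod(values) -> int:
    """BIP173 checksum polynomial."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def bech32_valid(addr: str) -> bool:
    """Checksum check for native segwit 'bc1...' addresses; accepts both the
    bech32 (BIP173) and bech32m (BIP350) constants."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is forbidden by the spec
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or sep + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:sep], addr[sep + 1:]
    if hrp != "bc" or any(c not in BECH32 for c in data):
        return False
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return _bech32_polymod(expanded + [BECH32.find(c) for c in data]) in (1, 0x2BC830A3)


def is_bitcoin_address(s: str) -> bool:
    if s.lower().startswith("bc1"):
        return bech32_valid(s)
    return s[:1] in ("1", "3") and base58check_payload(s) is not None


def paste_guard(copied: str, clipboard: str) -> str:
    """Verdict for a paste, given what the user copied and what the clipboard
    holds now. 'SWAPPED' is the hijacker signature: two different strings that
    are both well-formed addresses."""
    if copied == clipboard:
        return "OK" if is_bitcoin_address(clipboard) else "NOT_AN_ADDRESS"
    if is_bitcoin_address(copied) and is_bitcoin_address(clipboard):
        return "SWAPPED"
    return "CHANGED"


# Constructed scenario (not from the article): the genesis-block address and
# the BIP173 example address stand in for the victim's and attacker's wallets.
VICTIM_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ATTACKER_ADDR = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"

if __name__ == "__main__":
    print(paste_guard(VICTIM_ADDR, VICTIM_ADDR))    # OK
    print(paste_guard(VICTIM_ADDR, ATTACKER_ADDR))  # SWAPPED
```

A wallet or browser extension would call `paste_guard` with the address it last observed being copied (for example, from its own "copy address" button) and the clipboard contents at paste time; a `SWAPPED` verdict should block the transaction and prompt the user to re-check the destination out of band, since a checksum-valid attacker address passes every format check a wallet normally applies.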
Security firm G Data found two malware components working in tandem: a backdoor, detected as Win32.Backdoor.XRedRAT.A, that gave attackers remote access to the infected system, and the clipboard-monitoring crypto-stealer. The infected driver packages were distributed both on USB drives and through cloud-storage downloads.
The scheme was revealed when YouTuber Cameron Coward's antivirus flagged suspicious code while he was testing a Procolored UV printer. The company initially dismissed the warning as a false positive, but further investigation proved the threat was real. Procolored has since removed the compromised drivers, saying it was itself the victim of a supply chain attack through infected USB devices.
Previously:
• Printer malware: print a malicious document, expose your whole LAN