- YouTuber Cameron Coward tested a Procolored UV printer and found that his antivirus software flagged the drivers as containing malware.
- Chinese printer company Procolored has been accused of distributing Bitcoin-stealing malware.
- The theft is valued at over $950,000 in Bitcoin.
According to a report published on 19 May 2025 by Chinese media outlet Landian News, Chinese printer company Procolored has distributed Bitcoin-stealing malware via its official printer drivers, resulting in the theft of over $950,000 worth of cryptocurrency.
The Shenzhen-based company unknowingly embedded malicious code in its driver software, which was then made available globally via cloud storage platforms.
The malware is reportedly capable of hijacking clipboard data to redirect Bitcoin transactions and is spread through infected USB drivers to unsuspecting users.
The malware campaign is believed to be part of a broader supply chain attack.
The attack has led to the theft of 9.3 BTC (approximately $953,000 at current prices) so far, according to a post on X by blockchain security firm SlowMist.
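Clipboard hijacking of the kind described above can be spotted by watching for a valid Bitcoin address that is replaced by a different valid address faster than a person could copy one. The Python below is an added example, not code from the report or from any company named here; the function names, the one-second threshold and the sample addresses (built from dummy hashes) are assumptions, and it validates legacy Base58Check addresses only.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Build a Base58Check string; used here only to construct sample addresses."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(text: str) -> bool:
    """True for a legacy address (version 0x00 or 0x05) with a valid checksum."""
    s = text.strip()
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:21]) == raw[21:]

def find_swaps(events, max_gap=1.0):
    """Flag clipboard changes from one valid address to another within max_gap seconds."""
    hits, prev = [], None
    for t, text in events:
        cur = text.strip()
        if (prev and cur != prev[1] and t - prev[0] <= max_gap
                and is_btc_address(cur) and is_btc_address(prev[1])):
            hits.append((t, prev[1], cur))
        prev = (t, cur)
    return hits

# Constructed sample data: addresses derived from dummy 20-byte hashes, not real wallets.
ADDR_COPIED = b58check_encode(b"\x00" + bytes(range(1, 21)))
ADDR_SWAPPED = b58check_encode(b"\x00" + bytes(range(21, 41)))
ADDR_LATER = b58check_encode(b"\x05" + bytes(range(41, 61)))
EVENTS = [  # (seconds, clipboard text) snapshots
    (0.0, "invoice 1042"),   # ordinary text
    (5.0, ADDR_COPIED),      # user copies a payment address
    (5.2, ADDR_SWAPPED),     # replaced 0.2 s later: flagged
    (60.0, ADDR_LATER),      # a different address copied much later: not flagged
]

if __name__ == "__main__":
    for t, before, after in find_swaps(EVENTS):
        print(f"t={t}s clipboard address changed: {before} -> {after}")
```

The same `is_btc_address` check also rejects a mistyped address, so comparing the pasted value with the intended one before sending catches both a typo and a substitution.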
YouTuber Cameron Coward uncovers malware in printer drivers
The issue was first highlighted by YouTuber Cameron Coward after he tested a Procolored UV printer and found that his antivirus software flagged the drivers as containing malware.
He shared his findings on Reddit, prompting cybersecurity experts to investigate.
The flagged components included a worm and a Trojan known as Floxif, and contained two types of malware: a backdoor named Win32.Backdoor.XRedRAT.A and a crypto-stealer.
Procolored denies intentional involvement
When approached for comment, Procolored denied the accusations and claimed that antivirus detections were false positives.
However, after being contacted by G-Data, the company acknowledged the breach, stating that the malware was likely introduced through compromised USB drives in a supply chain attack.
Meanwhile, Landian News urged users who have installed Procolored printer drivers within the past six months to conduct full antivirus scans.
They went on to warn that due to potential antivirus shortcomings, a complete system reinstall is the safest course of action.
“Ideally, you should reinstall your operating system and thoroughly check old files”, the company said.