ProColor
ProColor printer drivers contained malware
ProColor, a UV printer manufacturer, distributed official drivers and software that contained malware through its website and USB drives provided with printers. The malware (XRedRAT backdoor, SnipVex clipboard bitcoin stealer, and Floxif file infector) affected multiple printer models, allowing file infections, cryptocurrency theft, and potential remote access to infected systems.
- Date: 2024-11-01 to 2025-05-08
- Category: Commercial
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: compromised distribution
What Was Affected
- Package: ProColor
- Language: multiple
- Component: Driver
- Artifact type: binary archive
- Domain type: product host
- Domain: procolor.com
Compromised Versions
- v11 Pro DTO
- F8
- F13 Pro
- V6
- V11 Pro
- VF13 Pro
Incident Context
- Motive: financial gain
- Transitive: Yes
- User Impact: 1000
- Observed Duration: 188 days
Evidence
Current Artifacts and Analysis
Indicators and Changes
Hashes
External References
- howtogeek.com/procolored-malware-infected-drivers
- hackster.io/news/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3
- gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads
- reddit.com/r/computerviruses/comments/1kbkmgq/viruses_included_in_product_im_reviewing
- neowin.net/news/this-printer-company-served-you-malware-for-months-and-dismissed-it-as-false-positives
Source Data
Source record: proprietary/procolor/meta.yaml