Procolored printer downloads served malware
Procolored printer software links led to infected Mega-hosted downloads for months. G DATA found XRed backdoor files and the SnipVex clipbanker/file infector.
Story
The Procolored case began with a hardware review. A reviewer plugged in the vendor-supplied USB software media for a V11 Pro DTO UV printer and saw antivirus alerts. Procolored initially described the detections as false positives.
G DATA then checked Procolored's public software downloads. The vendor site linked six product download folders hosted on Mega, with files last updated around October 2024. Antivirus scanning found 39 infected files across the public download set.
The malware mix was messy, which matters. PrintExp.exe carried XRed, a Delphi backdoor with keylogging, screenshots, file operations, downloads, command shell access, and a bundled clean program resource. Other files carried SnipVex, a .NET clipbanker and prepending file infector that monitored drives for .exe files and replaced cryptocurrency addresses in the clipboard.
G DATA judged poor hygiene more likely than a targeted implant: the malware was old, its C2 was inactive, and a file infector of this kind spreads readily through software preparation or distribution systems. Procolored removed the downloads around 2025-05-08, investigated, and later provided clean replacement packages for verification.
Affected Artifacts
Six Procolored product download folders hosted on Mega; the record does not name the product for each folder.

| Mirror | Observed | Compromised Versions | Fixed |
|---|---|---|---|
| mega.nz/folder/TNAWTDKL | 2024-10-01 to 2025-05-08 | Unknown | Not listed |
| mega.nz/folder/zBgEiY4K | 2024-10-01 to 2025-05-08 | Unknown | Not listed |
| mega.nz/folder/3MBG0Rra | 2024-10-01 to 2025-05-08 | Unknown | Not listed |
| mega.nz/folder/yEBVBbwY | 2024-10-01 to 2025-05-08 | Unknown | Not listed |
| mega.nz/folder/zM413Jbb | 2024-10-01 to 2025-05-08 | Unknown | Not listed |
| mega.nz/folder/eMxjWAgT | 2024-10-01 to 2025-05-08 | Unknown | Not listed |

Evidence: G DATA reported six Procolored product download folders on Mega; the shared malware hashes remain at the attack level because not every hash is mapped to a product folder. Hackster's review is the primary first-hand account of the vendor-supplied USB media finding.
Incident Context
- Motive: Financial Gain
- Cause: Compromised Distribution
- Transitive: Yes
- User Impact: 1000
Indicators
- SHA-256: 531d08606455898408672d88513b8a1ac284fdf1fe011019770801b7b46d5434
- SHA-256: 39df537aaefb0aa31019d053a61fabf93ba5f8f3934ad0d543cde6db1e8b35d1
- SHA-256: 84ef938a63641cf95a87ceaeb3b4893eb720fb5b42a5f42021c29ba11bda0f39
- SHA-256: b14c855ad7600ac9fda2c46b290acac1342d0e08dc1a95901504d8c5aa206606
- SHA-256: 81de4cedda6109eacc9a3903a30e3a11622668ce6af533f94beadad052f591fb
External References
- The Maker's Toolbox: Procolored V11 Pro DTO UV Printer Review (hackster.io)
- Printer company provided infected software downloads for half a year (blog.gdatasoftware.com)
- Printer maker Procolored offered malware-laced drivers for months (bleepingcomputer.com)
- Viruses included in product I'm reviewing (reddit.com)
- This Printer Company Served You Malware for Months (howtogeek.com)
- This printer company served you malware for months and dismissed it as false positives (neowin.net)
Source record: proprietary/procolor/meta.yaml