`This Printer company served you malware for months, called them false positives

Summary

If you own a Procolored inkjet printer, particularly one of the UV models, you might want to check your system for malware, especially if you downloaded the companion software within the past six months, since Procolored was recently found to be distributing malicious software. The first alarm came from Cameron Coward, the creator behind the YouTube channel "Serial Hobbyism." Known for his DIY electronics and tech reviews, Coward was in the middle of reviewing a $6,000 Procolored UV printer and attempting to install its companion software from the included USB drive when his antivirus flagged malware. The threats identified were a USB-spreading worm and a Floxif file infector. When Coward reported the issue to Procolored, the company initially dismissed it as a case of false positives. Still unconvinced by Procolored's assurances, Coward turned to Reddit in search of expert insight. That post caught the attention of cybersecurity firm G Data, which decided to investigate further. One of their analysts examined Procolored's publicly available software downloads, hosted on mega.nz, and mostly last updated around October 2023. VF 11 Pro meganz download | Image via G Data The investigation confirmed the presence of malware not just on Coward's USB drive but also within official downloads for several printer models. G Data identified two main threats: Win32.Backdoor.XRedRAT.A, a Delphi-based backdoor, and MSIL.Trojan-Stealer.CoinStealer.H, a cryptocurrency stealer written in .NET. Although Floxif didn't appear in the website downloads G Data reviewed, its presence on Coward's USB points to the possibility of a more compromised environment at some earlier stage. According to G Data, citing an earlier analysis by eSentire, the XRedRAT backdoor is an older strain of malware, and its command and control server URLs were reportedly already offline when eSentire documented them in February 2024. This particular instance also seemed to have been inactive since at least that tim...