According to local media reports, a Chinese printer manufacturer distributed bitcoin-stealing malware alongside its official drivers.
Chinese news outlet Landian News reported on May 19 that the Shenzhen-based printer company had been shipping bitcoin (BTC)-stealing malware with its official drivers. The company allegedly used USB drives to distribute the malware-laden drivers and uploaded the compromised software to cloud storage for global download.
According to the report, a total of 9.3 BTC, worth more than $953,000, has been stolen. Crypto tracking and compliance firm SlowMist explained how the malware operates in a May 19 post:
“The official driver provided by this printer carries a backdoor program. It hijacks the wallet address in the user’s clipboard and replaces it with the attacker’s address.”
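As an added illustration of the clipboard-hijacking behaviour SlowMist describes (example code written for this page, not from SlowMist, G DATA or the printer vendor), the following Python heuristic flags a Bitcoin-address-shaped clipboard value that is silently replaced by a different address shortly after the user copied it. The snapshot log, the address samples and the two-second window are constructed assumptions; a real monitor would feed it live clipboard change events.

```python
import re
from dataclasses import dataclass

# Loose shape check for common Bitcoin address formats (legacy 1.../3... and bech32 bc1...).
# Assumption: a format-only check is enough to flag a suspicious swap; no checksum validation.
BTC_ADDRESS_RE = re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$")


@dataclass
class ClipboardSnapshot:
    ts: float        # seconds since an arbitrary epoch
    text: str        # clipboard contents at that moment
    user_copy: bool  # True if the change came from the user's own copy action


def looks_like_btc_address(text: str) -> bool:
    return bool(BTC_ADDRESS_RE.match(text.strip()))


def detect_clipboard_swaps(snapshots, max_gap_seconds: float = 2.0):
    """Return (original, replacement) pairs where an address-shaped clipboard value
    was replaced by a different address-shaped value that the user did not copy,
    within max_gap_seconds of the original copy (the clipper pattern described above)."""
    swaps = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        if not (looks_like_btc_address(prev.text) and looks_like_btc_address(cur.text)):
            continue  # only address-to-address transitions are interesting
        if cur.user_copy or cur.text == prev.text:
            continue  # the user copied it, or nothing actually changed
        if cur.ts - prev.ts <= max_gap_seconds:
            swaps.append((prev.text, cur.text))
    return swaps


# Constructed sample log: the user copies an address, a background process overwrites it.
SAMPLE = [
    ClipboardSnapshot(0.0, "some text", True),
    ClipboardSnapshot(10.0, "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq", True),
    ClipboardSnapshot(10.4, "1BoatSLRHtKNngkdXEeobR76b53LETtpyT", False),  # silent swap
    ClipboardSnapshot(40.0, "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy", True),
    ClipboardSnapshot(41.0, "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy", False),  # unchanged, benign
]

if __name__ == "__main__":
    for orig, repl in detect_clipboard_swaps(SAMPLE):
        print(f"ALERT: clipboard address {orig} replaced with {repl}")
```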
Related: Large-scale supply chain attack targeting a small number of crypto companies: Kaspersky
YouTuber flagged malware in drivers
Landian News recommended that users who downloaded the printer drivers in the last six months “immediately run a full system scan using antivirus software.” Still, given the hit-or-miss nature of antivirus detection, a full system reset is the safer option when in doubt:
“Ideally, you should reinstall your operating system and check old files thoroughly.”
The issue was reportedly first flagged by YouTuber Cameron Coward, whose antivirus software detected malware in the drivers while he was testing a UV printer. The software flagged the driver as containing a worm and the Floxif Trojan.
Related: Coinbase faces a $400M bill after insider phishing attack
Cybersecurity firm confirms crypto-stealing malware
When contacted, Procolored denied the claims and dismissed the antivirus alert on the drivers as a false positive. Coward then took the issue to Reddit, where he shared it with cybersecurity professionals, which drew the attention of cybersecurity firm G DATA.
G DATA’s investigation found that most of Procolored’s drivers were hosted on the file-hosting service Mega, with uploads dating back as far as October 2023. Analysis of those files confirmed they were compromised by two separate pieces of malware: the backdoor Win32.Backdoor.XRedRAT.A and a crypto stealer designed to replace wallet addresses in the clipboard with those of the attackers.
When G DATA contacted Procolored, the hardware manufacturer said it had removed the infected drivers from its storage on May 8 and re-scanned all of its files. Procolored attributed the malware to a supply chain compromise, stating that the malicious files were introduced through infected USB devices before being uploaded online.
Related: Crypto drainers as a service: What you should know