Malware-Infected Printer Exposes Additional Risks for Windows Users

You would expect that a significant investment of $6,000 in a printer would ensure a secure user experience, devoid of viruses and other malware. Unfortunately, the reality surrounding Procolored printers suggests otherwise.

Procolored, a company based in Shenzhen, specializes in UV printers capable of printing on various materials such as wood, acrylic, tile, and plastic. While these printers offer numerous appealing features, reviewer Cameron Coward discovered that they also shipped with malware.

For his product review, Coward received a Procolored V11 Pro DTO UV printer, which came with software on a USB thumb drive. When he unzipped one component, the Microsoft Visual C++ Redistributable, Windows Defender alerted him that a Floxif virus had been quarantined.

Floxif belongs to a category of malware that compromises a computer and establishes a backdoor, granting attackers control over the machine and the ability to install additional malware.

Further investigation revealed additional concerns. Coward attempted to download the control software for the printer directly from Procolored’s official website, only to have Google Chrome block the download due to virus detection.

In response to inquiries, the vendor dismissed the malware claims, suggesting that the antivirus software might be generating false positives—mistaking legitimate software for harmful entities.

To validate the situation, Coward enlisted the help of Karsten Hahn, a principal malware researcher at G Data CyberDefense. Hahn conducted a comprehensive analysis of 8 GB of software files for the Procolored products hosted on the file sharing platform mega.nz. While he did not find evidence of Floxif, he did uncover two other harmful strains: Win32.Backdoor.XRedRAT.A, which provides attackers with complete access to the victim’s system, and MSIL.Trojan-Stealer.CoinStealer.H, which illicitly diverts cryptocurrency from users.

Upon presenting these findings to Procolored, the company acknowledged the possibility of a virus being introduced during the initial transfer of software via USB drives. They asserted that they had taken the matter seriously and had temporarily removed all software from their website to conduct thorough scans of their files.

Procolored emphasized their commitment to security, stating that any software would be re-uploaded only after passing stringent virus and security checks. However, many users of Procolored machines had already reported similar issues, indicating that infected files had persisted online for an extended period.

The implications of this scenario extend beyond Procolored. Historically, numerous manufacturers have inadvertently shipped products tainted with malware. For instance, in 2017, IBM reportedly sent out USB devices, intended for initializing its storage devices, that contained malware. Similarly, in 2018, Schneider Electric cautioned customers about malware found on USB drives distributed with its battery monitoring solutions.

Moreover, Android phones provided to low-income users through a U.S. government initiative were discovered to have malware pre-installed. There have also been instances where recognized brands, such as Sony and Lenovo, delivered products with hidden malicious software or adware, often causing significant security concerns for users.

This episode serves as a reminder that established brands are not immune to security oversights. It is crucial to maintain the same level of vigilance when installing software from any source, regardless of its perceived reliability. Utilizing robust security solutions and exercising caution can significantly mitigate risks in today’s complex cybersecurity landscape.