A Chinese printer vendor’s software was found to contain malware, putting thousands of business PCs at risk and raising concerns over supply chain security.
In a concerning development for businesses that use Procolored printers, it has been discovered that the company’s official driver software had been laced with malware. This malicious code, bundled into the driver packages, could compromise the security of any IT infrastructure running the printers and lead to unauthorized access and data breaches.
Procolored, based in Shenzhen, is best known for its Direct to Film printers, which are typically used within the textiles industry. Unfortunately for Procolored customers, the company had unknowingly been distributing these compromised drivers for at least six months. The compromise was only discovered when a user reported unusual activity after installing the drivers, which led to an investigation and the eventual announcement of the compromise.
Almost all businesses still rely on printers in one form or another, so we’re going to see what we can learn from this incident.
The Procolored Malware Incident Explained
The malware at the heart of this compromise is a remote access trojan and a cryptocurrency stealer. Together, these components give attackers undetected backdoor access to networks and systems, let them steal sensitive data, and hijack system resources for illicit cryptocurrency mining.
Security researchers at G Data analyzed the software involved in the attack and confirmed the presence of these malicious elements, as well as estimating that the software had been delivering malware for six months. The malware was embedded in the driver packages available on Procolored’s official website, meaning that any users who downloaded and installed these drivers were unknowingly putting their systems at risk.
The discovery was first made by the YouTuber Cameron Coward, who was faced with multiple security warnings after installing the drivers for a Procolored UV printer. Coward’s experience led him to discuss the issue on Reddit before confirming the malware in his review of the printer. Procolored has since removed the compromised drivers from its website and has announced that it’s working to address the issue. However, the incident once again underscores the importance of vigilance when installing software, even from official sources.
Protecting Your Network from Similar Threats
Your business may not use Procolored printers, but the threats described in this attack could easily be applied to any piece of hardware you use. Therefore, it’s crucial that you understand the best ways to safeguard your systems against such threats:
- Verify Software Sources: Always make sure that you only download drivers and software directly from official, reputable sources. Even official websites can be compromised, so it’s essential that you verify the authenticity of the software and the security of the source.
- Use Security Software: Utilizing strong antivirus and anti-malware software which detects and blocks malicious software should be one of your main security priorities. Additionally, make sure these tools are regularly updated to identify the latest threats.
- Monitor Your System Activity: It’s important that you keep an eye on system performance and network activity. Unusual behavior, such as unexpected drops in performance or the execution of unknown processes, can be a strong sign of a malware infection.
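The first point above, verifying a download before you install it, is easy to put into practice on the Windows machines these printer drivers target. The script below is an added example written for this article; it is not code from Procolored or from the researchers, and the hash and certificate thumbprint it compares against are assumed to have been obtained out of band (for example from a known-good copy or from the vendor’s support channel), not values published on this page. It checks two things the article’s advice depends on: that the file you have is byte-for-byte the one you expected (SHA-256), and that it carries a valid Authenticode signature from the signer you expect.

```powershell
# Added example (not from the article or from Procolored): verify a downloaded
# driver package before installing it. The expected SHA-256 value and the
# expected signer thumbprint are assumptions you obtain from an independent
# source; a hash copied from the same possibly-compromised download page
# proves nothing.
function Test-DriverPackage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSignerThumbprint   # optional: pin the signing certificate
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. Integrity: does the file match the hash obtained from an independent source?
    $actualHash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = ($actualHash -ieq $ExpectedSha256)

    # 2. Authenticity: is the installer/driver Authenticode-signed with a valid chain?
    #    Status values include Valid, NotSigned, HashMismatch and UnknownError.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk = ($sig.Status -eq 'Valid')

    # 3. Optional: was it signed by the certificate we expect, not merely *a* valid cert?
    $signerSubject    = $null
    $signerThumbprint = $null
    if ($sig.SignerCertificate) {
        $signerSubject    = $sig.SignerCertificate.Subject
        $signerThumbprint = $sig.SignerCertificate.Thumbprint
    }
    $signerOk = $true
    if ($ExpectedSignerThumbprint) {
        $signerOk = ($signerThumbprint -ieq $ExpectedSignerThumbprint)
    }

    [pscustomobject]@{
        Path             = $Path
        HashMatches      = $hashOk
        ActualSha256     = $actualHash
        SignatureStatus  = $sig.Status
        Signer           = $signerSubject
        SignerThumbprint = $signerThumbprint
        SignerMatches    = $signerOk
        SafeToInstall    = ($hashOk -and $sigOk -and $signerOk)
    }
}

# Usage: the path, hash and thumbprint below are placeholders, not real values.
$result = Test-DriverPackage -Path 'C:\Downloads\printer-driver-setup.exe' `
    -ExpectedSha256 '<SHA-256 obtained from the vendor out of band>' `
    -ExpectedSignerThumbprint '<thumbprint of the vendor signing certificate>'
$result | Format-List
if (-not $result.SafeToInstall) {
    Write-Warning 'Do not install: integrity or signature check failed.'
}
```

Two caveats when using this. A valid signature on its own is not enough: the incident above shows that the official download location can itself be the thing that has been tampered with, which is why the hash is compared against a value from a second, independent source and why the thumbprint pin is there to reject a file that is validly signed by somebody else. Second, Get-AuthenticodeSignature only understands signable formats (.exe, .msi, .dll, .sys, .cat and the like); if the vendor ships a .zip, extract it and check the installer inside, since the archive itself will simply report NotSigned.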
For more ways to secure and optimize your business technology, contact your local IT professionals.