A Chinese printer vendor’s software was found to contain malware, putting thousands of business PCs at risk and raising concerns over supply chain security.

In a concerning development for businesses which use Procolored printers, it has been discovered that the company’s official driver software had been laced with malware. This malicious code, which had been installed in the drivers, could compromise the security of any IT infrastructures running the printers and lead to unauthorized access and data breaches.

Procolored, based in Shenzhen, is best known for its Direct to Film printers which are typically used within the textiles industry. Unfortunately for Procolored customers, the company has unknowingly been distributing these compromised drivers for at least six months. The breach of their printers was only discovered when a user reported unusual activity after installing the drivers, which led to an investigation and the eventual announcement of the compromise.

Almost all businesses still rely on printers in one form or another, so we’re going to see what we can learn from this incident.

The Procolored Malware Incident Explained

The malware at the heart of this compromise is a remote access trojan and a cryptocurrency stealer. These malicious components are used to provide undetected backdoor access to networks, allow attackers to gain unauthorized access to systems, steal sensitive data, and hijack system resources for illicit cryptocurrency mining.

Security researchers at G Data analyzed the software involved in the attack and confirmed the presence of these malicious elements, as well as estimating that the software had been delivering malware for six months. The malware was embedded in the driver packages available on Procolored’s official website, meaning that any users who downloaded and installed these drivers were unknowingly putting their systems at risk.

The discovery was first made by the YouTuber Cameron Coward, who was faced with multiple security warnings after installing the drivers for a Procolored UV printer. Coward’s experience led to him discussing the issue on Reddit before confirming the malware situation in his review of the printer. Procolored has since removed the compromised drivers from its website and has announced that it’s working to address the issue. However, it’s an incident which, once again, underscores the importance of vigilance when installing software, even from official sources.

Protecting Your Network from Similar Threats

Your business may not use Procolored printers, but the threats described in this attack could easily be applied to any piece of hardware you use. Therefore, it’s crucial that you understand the best ways to safeguard your systems against such threats:

For more ways to secure and optimize your business technology, contact your local IT professionals.



The FBI has warned that outdated routers are being hijacked by cybercriminals to hide illegal activity and build massive, untraceable proxy networks.

The FBI has recently issued a security alert which is of interest to anyone who logs onto the internet on a daily basis. The alert centers upon outdated internet routers which are being targeted by cybercriminals. The routers at the heart of this attack all have one thing in common: they’re no longer supported by their manufacturers. These vulnerable devices, therefore, are perfect for the attackers to exploit and turn into tools for cybercrime. As the threat actors are combining these compromised routers into huge proxy networks, identifying the perpetrators behind the attack is fiendishly difficult.

How Have the Routers Become Compromised?

The attack relies on a strain of malware called “TheMoon,” which is used to infect end-of-life (EoL) routers. An EoL device is one which no longer receives any firmware or security updates from its developer, typically as the device is of a certain age and has been superseded by more modern devices. This EoL status makes these devices a major security risk as there’s no protection against newly discovered vulnerabilities. Once compromised, these routers become part of a network of proxies used by the attackers to shield their identities when committing crimes online.

Routers at risk of this attack include EoL routers from popular brands such as Linksys, Cisco, and Cradlepoint. Once the attacker gains access to the router, they have all the time in the world to install the malware, which connects the router to a command-and-control server. The router can then be used to recruit other compromised devices and re-route malicious internet traffic. In particular, these proxies have been observed to be involved in cryptocurrency theft, Malware-as-a-Service activities and general data theft. And, due to the stealthy nature of the attack, the victim will have no idea what’s taking place.

The infected routers are also being sold as part of proxy-for-hire services like 5Socks and Online Proxy. These are underground networks where hackers can purchase access to compromised routers, allowing them to disguise their malicious tracks by appearing to connect from genuine and trusted IP addresses. This innovative approach helps protect the attackers’ true destination from any law enforcement investigations and, instead, appears to incriminate innocent homes and businesses.

The FBI has also revealed that some of the compromised routers appear to have been used by Chinese-sponsored hackers to attack major US infrastructures, indicating a professional operation designed to create maximum damage.

How Do You Keep Your Router Safe?

This latest attack may be stealthy, but there are often telltale signs that your router has been compromised. Slower internet speeds, for example, are a common side-effect caused by the lack of resources available for genuine tasks. The increased activity can also lead to overheating, and other warning signs include the appearance of new administrator accounts and unusual internet traffic patterns.

In order to maintain the security of your router, make sure you follow these steps:

  1. Upgrade Your Hardware: If your router is no longer supported by the manufacturer with security updates, you have no alternative but to replace it. This is the single most effective way to block attacks of this nature and failing to do so will instantly increase the chances of your defenses being breached.
  2. Change Default Passwords: Routers are well known for being shipped with default passwords, which represents a major security risk. Accordingly, it’s vital that you always change default usernames and passwords before any routers are made active on your network.
  3. Monitor Your Network: Install firewalls, intrusion detection systems, and network monitoring tools to record and identify any abnormal traffic patterns or device behavior. The earlier these are detected, the quicker you can limit the impact of the breach.



A new malware attack is targeting WordPress websites by disguising itself as a security plugin, giving hackers full control over compromised sites.

Thousands of WordPress websites are at risk after a malware campaign was discovered which uses fake security plugins to hijack admin access. These plugins appear, at first glance, to be legitimate, tricking users into installing them. The reward for installing these plugins, the malware claims, is the promise of enhanced website security. However, once installed, the plugin gives hackers full administrative control. This allows the attackers to run malicious code and embed harmful content into the site for their own gain.

With over 810 million WordPress websites online, it makes sense for threat actors to target such a large audience. With so many websites at risk, we decided to take a closer look at this alarming threat so that we could help you keep your own website safe.

WordPress Security Plugin Turns Rogue

The attack is part of a growing trend where cybercriminals exploit trust in popular platforms like WordPress to spread malware through plugins, themes, and outdated software. The malware not only affects site functionality but can also steal user data, serve malicious ads, and damage the website’s reputation in the search engine results page ranking.

Cybersecurity researchers have found that the malicious plugin is being uploaded directly to WordPress installations. This file disguises itself as a genuine security feature in order to deceive victims. However, once installed, it quietly opens a backdoor which grants the attackers full administrative access to the site.

Unfortunately for the internet, hackers are as innovative as they are deceptive, and the malware showcased in this attack uses several techniques to avoid detection. Firstly, it hides itself from the WordPress dashboard, so website admins don’t see it listed alongside any other plugins they use. It also modifies key files in the website setup to make sure that the malware is reinstalled even if a legitimate admin manages to delete it.

The malware has been observed to carry out a number of malicious actions once activated. JavaScript ads and spam obtained from similarly compromised websites are delivered to affected websites, with the focus here being clearly on creating revenue from advertising via click fraud. And with 810 million WordPress websites at risk of being compromised, this could prove to be highly lucrative for the threat actors behind the attack.

How Can You Protect Your WordPress Site?

Attacks such as this demonstrate the importance of practicing good security habits when managing a website. With reputational and financial damage a very real risk here – especially if you rely on your website for revenue – it’s crucial that you follow our three top tips for protecting your WordPress site:

  1. Only Use Trusted Plugins: Only download plugins and themes from the official WordPress plugin repository or from developers with a proven reputation for safety. Avoid installing plugins shared in forums, online marketplaces, or downloaded from websites that lack credibility.
  • Use Strong Security Tools: Install a reliable WordPress security plugin, such as Cloudflare, Wordfence, or SolidWP, that includes malware scanning, firewall protection, and brute force attack prevention. Also, enable multi-factor authentication for all administrator accounts to reduce the risk of unauthorized access.



A major UK retailer has had to suspend all online sales due to a cyberattack which has struck deep at the heart of its operations. 

Founded in 1884, Marks and Spencer has served British shoppers for nearly 150 years. In 1999, they launched their online shopping service, and by 2024 they could count 9.4 million active customers on their online platforms. Clearly, their online operations are significant. But this also makes them a tempting target for threat actors looking for either financial gain or the opportunity to simply cause digital chaos.

For Marks and Spencer, this cyberattack has proved costly both in terms of revenue and reputation. And a similar fate could easily be awaiting your business.

How Cybercriminals Disrupted Marks and Spencer’s Operations

Following the Easter holiday weekend, Marks and Spencer was forced into announcing that they had suspended all online sales. Over the weekend, they revealed they had become aware of a major cyberattack affecting their services. Contactless payments in their stores had been failing and their online click-and-collect service had also been affected, with shoppers unable to log into the in-store system to verify their purchases. Several days later, the ability to make online purchases was still unavailable, with many of Marks and Spencer’s international online platforms also suspended.

The exact nature of the attack has not been disclosed yet, with the retailer simply explaining that there has been a cybersecurity incident and that they’re working with experts to resolve this. The official line is that customers do not need to worry about this attack, but with 9 million customers’ details at risk, there is clearly cause for concern. Rumors persist that Marks and Spencer has been the victim of a ransomware attack, but this is purely speculation. Nonetheless, independent security experts have advised customers to keep an eye on their bank statements.

Simple Steps to Shield Your Business from Cyber Threats

Around a quarter of Marks and Spencer’s sales come from their online shopping service, so this cyberattack represents a major blow to their revenue. Additionally, whatever this lapse in security is, it will stick in the minds of shoppers for a long time, potentially encouraging them to take their purchases elsewhere.

So, in an age where e-commerce is such an important aspect of business, it’s crucial that your business knows how to protect itself from similar attacks. To help you keep your defenses in shape, make sure you follow these best practices:



It’s time to upgrade your business tech to make sure you can remain competitive, improve your productivity and enhance your security in 2025.

Technology can seem complicated, even intimidating. But in 2025 it doesn’t have to be this way. Instead, you can give your business a serious boost by upgrading a few simple tools. Whether you’re managing a small business or running things on your own, Ophtek has five amazing tech upgrades which can maximize your productivity and keep you one step ahead of your competitors:

  1. Upgrade to Solid State Drives: Traditional hard drives are slower and more prone to failure compared to modern solid-state drives (SSD). Therefore, if you’re still making do with old-style hard drives, 2025 is the time to start upgrading your PCs to SSDs. This upgrade will significantly reduce boot-up times and make your programs load in seconds instead of minutes. SSDs are also less power hungry and tend to be more durable, making them a perfect eco-friendly option.
  2. Step Up to a Modern Router: Outdated routers are the quickest productivity killers in small offices. A modern router with Wi-Fi 6 or Wi-Fi 6E delivers faster internet speeds and improved stability, which is critical when multiple employees are connected at once. The increase in performance will also enhance video conferencing and large file uploads, ensuring remote collaboration runs smoothly. As well as all this, a new router opens your PCs up to stronger security options.
  3. Upgrade Your Printers to Cloud Models: Old printers can be slow, clunky, and hard to connect to, so this is one area where you really need to upgrade. Cloud-connected printers allow staff to print from any device, including laptops and even smartphones, whether they’re based in the office or working remotely. These printers also benefit from improved security, simpler troubleshooting, and features like automatic supply reordering to ensure you never run out of toner.
  4. Switch to Cloud-Based Collaborative Tools: Workplace collaboration tools like Microsoft 365, Google Workspace, and Asana have become essential in modern businesses. They allow your teams to work together on documents and projects in real time, with no need to waste time emailing attachments. Everything you need, from calendars and files to chat transcripts, is saved in the cloud, ensuring that your files are always backed up and accessible from anywhere.
  5. Use Password Managers: Trying to remember passwords is difficult at the best of times, and reusing the same one everywhere represents a major security risk. This is why you need to invest in a password manager which securely stores all your login details and can help you generate strong, unique passwords for all your accounts. Password managers to consider include Bitwarden, LastPass, and 1Password.

Final Thoughts

You don’t need to completely overhaul your entire IT infrastructure to make a big difference in 2025. Instead, by implementing a few smart upgrades, you can minimize frustration, improve security, and make your team more productive. Best of all, these changes are affordable and easy to put in place.
