security Archives

Malware Found in Official Procolored Printer Drivers

China, G Data, malware, Ophtek, printer drivers, Procolored, RATChina, drivers, Ophtek, printers, Procolored, RAT, security, updatesOphtek, LLC

Jun 2025

A Chinese printer vendor’s software was found to contain malware, putting thousands of business PCs at risk and raising concerns over supply chain security.

In a concerning development for businesses which use Procolored printers, it has been discovered that the company’s official driver software had been laced with malware. This malicious code, which had been installed in the drivers, could compromise the security of any IT infrastructures running the printers and lead to unauthorized access and data breaches.

Procolored, based in Shenzhen, is best known for its Direct to Film printers which are typically used within the textiles industry. Unfortunately for Procolored customers, the company has unknowingly been distributing these compromised drivers for at least six months. The breach of their printers was only discovered when a user reported unusual activity after installing the drivers, which led to an investigation and the eventual announcement of the compromise.

Almost all businesses still rely on printers in one form or another, so we’re going to see what we can learn from this incident.

The Procolored Malware Incident Explained

The malware at the heart of this compromise is a remote access trojan and a cryptocurrency stealer. These malicious components are used to provide undetected backdoor access to networks, allow attackers to gain unauthorized access to systems, steal sensitive data, and hijack system resources for illicit cryptocurrency mining.

Security researchers at G Data analyzed the software involved in the attack and confirmed the presence of these malicious elements, as well as estimating that the software had been delivering malware for six months. The malware was embedded in the driver packages available on Procolored’s official website, meaning that any users who downloaded and installed these drivers were unknowingly putting their systems at risk.

The discovery was first made by the YouTuber Cameron Coward, who was faced with multiple security warnings after installing the drivers for a Procolored UV printer. Coward’s experience led to him discussing the issue on Reddit before confirming the malware situation in his review of the printer. Procolored has since removed the compromised drivers from its website and has announced that it’s working to address the issue. However, it’s an incident which, once again, underscores the importance of vigilance when installing software, even from official sources.

Protecting Your Network from Similar Threats

Your business may not use Procolored printers, but the threats described in this attack could easily be applied to any piece of hardware you use. Therefore, it’s crucial that you understand the best ways to safeguard your systems against such threats:

Verify Software Sources: Always make sure that you only download drivers and software directly from official, reputable sources. Even official websites can be compromised, so it’s essential that you verify the authenticity of the software and the security of the source.
Use Security Software: Utilizing strong antivirus and anti-malware software which detects and blocks malicious software should be one of your main security priorities. Additionally, make sure these tools are regularly updated to identify the latest threats.
Monitor Your System Activity: It’s important that you keep an eye on system performance and network activity. Unusual behavior, such as unexpected drops in performances or the execution of unknown processes, can be strong signs of malware infections.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Fake Security Plugin Targets WordPress Sites

click fraud, malware, Ophtek, security tools, trusted plugins, update regularly, WordPressclick fraud, malware, Ophtek, Plugins, security, updates, wordpressOphtek, LLC

May 2025

A new malware attack is targeting WordPress websites by disguising itself as a security plugin, giving hackers full control over compromised sites.

Thousands of WordPress websites are at risk after a malware campaign was discovered which uses fake security plugins to hijack admin access. These plugins appear, at first glance, to be legitimate, tricking users into installing them. The reward for installing these plugins, the malware claims, is the promise of enhanced website security. However, once installed, the plugin gives hackers full administrative control. This allows the attackers to run malicious code and embed harmful content into the site for their own gain.

With over 810 million WordPress websites online, it makes sense for threat actors to target such a large audience. With so many websites at risk, we decided to take a closer look at this alarming threat so that we could help you keep your own website safe.

WordPress Security Plugin Turns Rogue

The attack is part of a growing trend where cybercriminals exploit trust in popular platforms like WordPress to spread malware through plugins, themes, and outdated software. The malware not only affects site functionality but can also steal user data, serve malicious ads, and damage the website’s reputation in the search engine results page ranking.

Cybersecurity researchers have found that the malicious plugin is being uploaded directly to WordPress installations. This file disguises itself as a genuine security feature in order to deceive victims. However, once installed, it quietly opens a backdoor which grants the attackers full administrative access to the site.

Unfortunately for the internet, hackers are as innovative as they are deceptive, and the malware showcased in this attack uses several techniques to avoid detection. Firstly, it hides itself from the WordPress dashboard, so website admins don’t see it listed alongside any other plugins they use. It also modifies key files in the website setup to make sure that the malware is reinstalled even if a legitimate admin manages to delete it.

The malware has been observed to carry out a number of malicious actions once activated. JavaScript ads and spam obtained from similarly compromised websites is delivered to affected websites, with the focus here being clearly on creating revenue from advertising via click fraud. And with 810 million WordPress websites at risk of being compromised, this could prove to be highly lucrative for the threat actors behind the attack.

How Can You Protect Your WordPress Site?

Attacks such as this demonstrate the importance of practicing good security habits when managing a website. With the risk of reputational and financial damage a very real risk here – especially if you rely on your website for revenue – it’s crucial that you follow our three top tips for protecting your WordPress site:

Only Use Trusted Plugins: Only download plugins and themes from the official WordPress plugin repository or from developers with a proven reputation for safety. Avoid installing plugins shared in forums, online marketplaces, or downloaded from websites that lack credibility.

Keep Everything Updated: Regularly update your WordPress core, themes, and plugins. Hackers will often exploit known vulnerabilities in outdated software, so make sure you don’t make their job easy. Set reminders or enable automatic updates where possible.

Use Strong Security Tools: Install a reliable WordPress security plugin that includes malware scanning, firewall protection, and brute force attack prevention such as Cloudflare, Wordfence, or SolidWP. Also, enable multi-factor authentication for all administrator accounts to reduce the risk of unauthorized access.

For more ways to secure and optimize your business technology, contact your local IT professionals.

UK Retailer Halts Online Sales Following Cyberattack

cyberattack, Incident response plan, Marks and Spencer, Ophtek, Ransomware, software updates, Zero Trustcyberattack, Incident response plan, Marks and Spencer, Ophtek, ransomware, security, updates, vulnerability, Zero TrustOphtek, LLC

May 2025

A major UK retailer has had to suspend all online sales due to a cyberattack which has struck deep at the heart of its operations.

Founded in 1884, Marks and Spencer has served British shoppers for nearly 150 years. In 1999, they launched their online shopping service, and by 2024 they could count 9.4 million active customers on their online platforms. Clearly, their online operations are significant. But this also makes them a tempting target for threat actors looking for either financial gain or the opportunity to simply cause digital chaos.

For Marks and Spencer, this cyberattack has proved costly both in terms of revenue and reputation. And a similar fate could easily be awaiting your business.

How Cybercriminals Disrupted Marks and Spencer’s Operations

Following the Easter holiday weekend, Marks and Spencer was forced into announcing that they had suspended all online sales. Over the weekend, they revealed they had become aware of a major cyberattack affecting their services. Contactless payments in their stores had been failing and their online click-and-collect service had also been affected, with shoppers unable to log into the in-store system to verify their purchases. Several days later, the ability to make online purchases was still unavailable, with many of Marks and Spencer’s international online platforms also suspended.

The exact nature of the attack has not been disclosed yet, with the retailer simply explaining that there has been a cybersecurity incident and that they’re working with experts to resolve this. The official line is that customers do not need to worry about this attack, but with 9 million customers’ details at risk, there is clearly cause for concern. Rumors persist that Marks and Spencer has been the victim of a ransomware attack, but this is purely speculation. Nonetheless, independent security experts have advised customers to keep an eye on their bank statements.

Simple Steps to Shield Your Business from Cyber Threats

Around a quarter of Marks and Spencer’s sales come from their online shopping service, so this cyberattack represents a major blow to their revenue. Additionally, whatever this lapse in security is, it will stick in the minds of shoppers for a long time, potentially encouraging them to take their purchases elsewhere.

So, in an age where e-commerce is such an important aspect of business, it’s crucial that your business knows how to protect itself from similar attacks. To help you keep your defenses in shape, make sure you follow these best practices:

Operate a Zero-Trust Model: Always double check who’s trying to access your PCs and networks. Even if it appears to be a safe connection, it pays to verify it first. Use strong passwords, two-factor authentication, and make sure devices connecting to your network are secure.
Keep Your Software Updated: Vulnerabilities in old software are what hackers get up for in the morning. That’s why it’s vital that you always update your software as soon as updates are available. Updates fix holes in your security and ensure that attackers are unable to breach your defenses so easily.
Develop an Incident Response Plan: Designing a comprehensive incident response plan allows you to take swift, decisive action in the case of an emergency. For Marks and Spencer, this focused on shutting down their online sales, but this could even extend to shutting down all non-essential networks and restricting network access. The quicker you can implement these plans, the sooner you can limit your digital risk.

For more ways to secure and optimize your business technology, contact your local IT professionals.

CoffeeLoader Malware: Hiding in Your GPU

CoffeeLoader, malicious downloads, malware, Ophtek, PC Security, security practices, Suspicious links, UpdatesCofeeLoader, malware, Ophtek, security, updatesOphtek, LLC

May 2025

A new malware named CoffeeLoader exploits computer GPUs to escape security measures, posing a major threat to PC users.

Cybercriminals are constantly enhancing their tactics and looking for new strategies, and the latest threat is CoffeeLoader – a slice of malware which takes an innovative approach to hiding from security tools. Typically, malware runs on the central processing unit (CPU) of a PC, but CoffeeLoader throws a curveball by executing on the graphics processing unit (GPU). Most security software ignores GPU activity, so CoffeeLoader is able to operate silently in the background.

All malware is a nightmare, but malware which can only be described as ingenious is even worse. That’s why Ophtek’s going to give you a quick run through on what’s happened and how you can keep your PCs safe.

Brewing Trouble: The Tactics of CoffeeLoader

The exact mechanics of how CoffeeLoader infects a system has not, as of yet, been revealed. However, as with most malware, it’s likely that CoffeeLoader is used in conjunction with phishing emails and malicious websites. What is known about CoffeeLoader is its unique approach to protecting itself.

One of CoffeeLoader’s key tactics is to integrate ‘call stack spoofing’ into its attack. Security tools usually track how programs execute by monitoring their call stacks. But what, you may ask, is a call stack? Well, to keep it simple, we’ll describe it as a log of commands showing the program’s activity flow. However, this is where CoffeeLoader’s deceptive streak starts. By distorting its stack, it appears as though it’s running legitimate processes. This allows it to blend in with your usual system activity, avoiding detection with ease.

To strengthen its stealth credentials, CoffeeLoader also employs sleep obfuscation. This is a technique used by threat actors to evade detection by inserting artificial delays or sleep functions into its code. This allows the malware to appear inactive or dormant, a technique which enables it to escape detection by behavioral analysis tools.

Finally, CoffeeLoader exploits Windows fibers – these are lightweight execution threads commonly used by genuine, harmless applications. Manipulating these fibers allows the malware to switch execution paths mid-attack, which makes it more unpredictable and difficult for security programs to trace.

Combined, these three techniques underline the dangerous threat contained within CoffeeLoader. From running on a PC’s GPU and using multiple processes to conceal itself, CoffeeLoader can evade detection and exploit an infected system to its heart’s content.

How Can You Avoid Being Burnt by CoffeeLoader?

As cyber threats become more advanced through attacks such as CoffeeLoader, it’s crucial that PC users adopt these best practices to stay safe and protect their systems:

Keep Your Software Updated: one of the simplest ways to protect your IT infrastructure is by ensuring that your applications are kept up-to-date and secure. This can easily be achieved by always downloading the latest software patches and updates as soon as they’re available. Hackers thrive upon outdated software and the associated vulnerabilities, so it’s paramount that you prevent this.
Use Advanced Security Tools: Basic anti-malware software is fine for your average PC user, but businesses often need something a little more robust. Advanced security suites offer behavior-based detection that can analyze and recognize unusual activity.
Be Careful with Downloads and Links: The internet is full of dangers and hazards, so you should avoid downloading anything from untrusted websites or clicking on links in suspicious emails. The best way forwards with downloads and links is to only trust them if they’re from genuine, legitimate websites – this prevents you from downloading malware.

For more ways to secure and optimize your business technology, contact your local IT professionals.

The FBI has warned that fake online file converters are spreading malware, potentially leading to data theft, financial loss, and ransomware attacks.

Cybercriminals are creating fake file conversion websites which appear to offer free tools for converting documents, images, and other file types. Many people use these types of file converters to convert a PDF to a Word document, extract audio from video files, or change an image file to a more suitable format. However, instead of just providing a conversion service, these malicious websites are also infecting users’ PCs with malware.

This attack is especially dangerous as PC users regularly access file conversion websites, but they don’t realize that these sites could be dangerous. Once a visitor has their converted file, they assume all is well. Unfortunately, behind the scenes, much more is going on.

Converting Your Files into Malware

The fake file converter websites often appear in search engine results or through online ads, making them appear safe and legitimate. Some of the most recent ones to have been identified as being at risk include DocuFix and PDFixers. When a user visits one of these sites, they’re typically instructed to upload the file they want to convert. Once the file is uploaded, the website provides a download link for the “converted” file.

However, this file is not what it seems. Although the downloaded file may be a correctly converted file, it will also have malware hidden in it. As well as containing malware, these fake websites will also analyze files uploaded by users for sensitive data e.g. if someone has uploaded a PDF file containing financial information, the threat actors behind the website will be able to harvest this. In many cases, a correctly converted file isn’t even included in the available download, with malware such as Gootloader and Cobalt Strike being the only files on offer.

The impact of this malware can be catastrophic. Running quietly in the background, it can capture personal data, launch ransomware attacks, or even take control of the PC. Accordingly, all PC users need to tread carefully online.

Staying Safe from the Threat of Fake Converters

File converter websites are incredibly useful, but only when they’re the real deal and do exactly what they claim. However, as most internet users accessing these sites are busy working on something, they don’t always pay attention to the site they’re visiting. And this is where cybercriminals have an opportunity to exploit this trust. Therefore, it’s crucial that you understand these best practices for staying safe:

Only Use Trusted Sites: Never use a file converter website that you haven’t thoroughly researched. Always conduct a quick Google search for reviews of the website and carefully read the most recent comments. Even if you’re a regular user of a particular converter website, always double check that the URL is correct – many threat actors mimic official websites by changing a letter or two in order to appear genuine.
Be Cautious When Downloading: Always scan any downloaded files from the internet with your security software. These security tools are regularly updated to identify all new strains of malware and can stop you executing any malicious files. Additionally, if a file converter asks you to install further tools to convert your files, you should immediately stop.

For more ways to secure and optimize your business technology, contact your local IT professionals.

1 2 3 … 51 Next »

Tag Archives: security