{"id":7603,"date":"2025-05-17T15:16:18","date_gmt":"2025-05-17T06:16:18","guid":{"rendered":"https:\/\/aireviewirush.com\/?p=7603"},"modified":"2025-05-17T15:16:18","modified_gmt":"2025-05-17T06:16:18","slug":"warning-this-printer-vendors-software-program-contained-malware","status":"publish","type":"post","link":"https:\/\/aireviewirush.com\/?p=7603","title":{"rendered":"Warning: This Printer Vendor&#8217;s Software Contained Malware"},"content":{"rendered":"<div id=\"article\">\n<p>If you own a <a href=\"https:\/\/www.pcmag.com\/picks\/the-best-printers\" target=\"_self\" rel=\"noopener\">printer<\/a> from China-based Procolored, be careful: The company\u2019s driver files are stuffed with <a href=\"https:\/\/www.pcmag.com\/picks\/the-best-malware-removal-and-protection-software\" target=\"_self\" rel=\"noopener\">malware<\/a>, including a Windows-based backdoor.<\/p>\n<p>Karsten Hahn, a researcher at cybersecurity vendor G Data, <a href=\"https:\/\/www.gdatasoftware.com\/blog\/2025\/05\/38200-printer-infected-software-downloads\" target=\"_blank\" title=\"(Opens in a new tab)\" rel=\"noopener\">reported<\/a> the findings on Thursday. &#8220;A printer firm offered contaminated printer software for half a year,&#8221; he said.<\/p>\n<p>Hahn started investigating after YouTuber Cameron Coward at <a href=\"https:\/\/www.youtube.com\/@serialhobbyism_official\/videos\" target=\"_blank\" title=\"(Opens in a new tab)\" rel=\"noopener\">Serial Hobbyism<\/a> obtained a printer from Procolored, a supplier of direct-to-film printers, which can be used for creating custom T-shirts. 
While testing the printer for a review, the built-in antivirus <a href=\"https:\/\/www.pcmag.com\/reviews\/microsoft-defender-antivirus\" target=\"_self\" rel=\"noopener\">Windows Defender<\/a> and Google&#8217;s Chrome browser alerted him to malware threats on his PC.\u00a0<\/p>\n<p>His laptop had been hit with <a href=\"https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/threat-search?query=virus:win32\/flox\" target=\"_blank\" title=\"(Opens in a new tab)\" rel=\"noopener\">Floxif<\/a>, a strong piece of malware that can change\u00a0Windows executables and install other malicious code. It can also spread itself through connected USB drives. Coward\u2019s PC received the malware alert after installing software <a href=\"https:\/\/www.hackster.io\/news\/the-maker-s-toolbox-procolored-v11-pro-dto-uv-printer-review-680d491e17e3\" target=\"_blank\" title=\"(Opens in a new tab)\" rel=\"noopener\">from<\/a> a ZIP folder on the \u201cUSB thumb drive Procolored equipped with the printer.\u201d<\/p>\n<p>Though Procolored, a Shenzhen-based company, claimed the malware alerts were false positives, Coward <a href=\"https:\/\/www.reddit.com\/r\/computerviruses\/comments\/1kbkmgq\/viruses_included_in_product_im_reviewing\/\" target=\"_blank\" title=\"(Opens in a new tab)\" rel=\"noopener\">posted<\/a> a call on Reddit for a third-party security researcher to double-check. 
Hahn at G Data started investigating and traced the threat to the printer driver files hosted on Procolored&#8217;s website.\u00a0<\/p>\n<p><img decoding=\"async\" class=\"\" src=\"https:\/\/i.pcmag.com\/imagery\/articles\/006xhgCMtmIxQubV5ueijOj-2.png\" data-lazy-sized=\"\" alt=\"The Mega.nz site hosting the files\" data-image-path=\"articles\/006xhgCMtmIxQubV5ueijOj-2.png\"\/><\/p>\n<p>\n    <small>(Credit: Mega.nz\/Procolored)<\/small>\n<\/p>\n<p>Surprisingly, Procolored continues to host the printer driver files for six products on a third-party Mega.nz file sharing account. Hahn\u2019s <a href=\"https:\/\/www.pcmag.com\/picks\/the-best-antivirus-protection\" target=\"_self\" rel=\"noopener\">antivirus<\/a> scan found that 39 of the files triggered two malware detections: One for a cryptocurrency wallet stealer, the other a backdoor for Windows PCs dubbed XRed.\u00a0\u00a0<\/p>\n<p>Hahn estimates the malicious driver files have been circulating for half a year because the Mega.nz listing shows many of the files were last updated about six months ago. His investigation also uncovered evidence that driver files had been initially tampered with on a system that had been \u201ccontaminated a number of times\u201d with different kinds of malware, which could explain why Hahn\u2019s PC encountered the Floxif infection.\u00a0<\/p>\n<p>Procolored didn\u2019t immediately respond to a request for comment. But the company told Hahn that it suspects the driver files were tampered with through an infected USB drive. &#8220;The software hosted on our website was initially transferred via USB drives. It&#8217;s possible that a virus was introduced during this process,\u201d Procolored said.\u00a0<\/p>\n<p>&#8220;As a precaution, all software has been temporarily removed from the Procolored official website,\u201d the company added. \u201cWe&#8217;re conducting a complete malware scan of each file. Only after passing stringent virus and security checks will the software be re-uploaded. 
This is a top priority for us, and we&#8217;re taking it very seriously.&#8221;<\/p>\n<p>The statement also notes that Procolored plans on disclosing the incident to customers and updating its website \u201cas soon as all software has been completely reviewed and confirmed safe.\u201d Hahn says he\u2019s received copies of the new driver files and reports they appear to be clean.\u00a0<\/p>\n<p>Some might speculate that Procolored deliberately planted the malware. But in his blog post, Hahn wrote, \u201ca much more plausible explanation points to the absence or failure of antivirus scanning on the systems used to compile and distribute the software packages.\u201d That is because the <a href=\"https:\/\/www.pcmag.com\/how-to\/what-is-a-command-and-control-cyberattack\" target=\"_self\" rel=\"noopener\">command-and-control server<\/a> for the backdoor malware XRed appears to have been offline since February 2024, reducing the threat&#8217;s severity.  <\/p>\n<p>In the meantime, Hahn recommends affected users consider reinstalling the Windows OS to fully wipe out the threat. &#8220;It&#8217;s possible that some users have dismissed antivirus warnings, assuming the files were safe. 
This might have allowed the malware to stay undetected,&#8221; he said.<\/p>\n<section class=\"container mb-8\">\n<div class=\"rich-text mt-4 w-full min-w-0 flex-grow text-left leading-loose\">\n<div class=\"my-16\" data-parent-group=\"author-bio\">\n<div class=\"mb-8 items-center border-b border-t pb-4 pt-8 md:grid md:grid-cols-2 md:border-t-0 md:pt-0\">\n<div class=\"border-gray-200 md:border-r\">\n<h3 class=\"font-stretch-ultra-condensed text-2xl font-semibold\"><span class=\"ez-toc-section\" id=\"About_Michael_Kan\"><\/span>About Michael Kan<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><h4 class=\"mb-3 font-bold leading-normal\"><span class=\"ez-toc-section\" id=\"Senior_Reporter\"><\/span>Senior Reporter<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<\/p><\/div>\n<div class=\"flex items-center\">\n<div class=\"overflow-hidden xs:mr-3 md:mr-8 lg:ml-16\" style=\"height:90px;width:90px;\">\n                            <img decoding=\"async\" class=\"w-full rounded-full\" src=\"https:\/\/i.pcmag.com\/imagery\/authors\/06W4G6A5rmg4LxEffqKnnc6.fit_lim.size_200x200.v1560221550.png\" alt=\"Michael Kan\" width=\"90px\" height=\"90px\" loading=\"lazy\"\/>\n                        <\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"mb-12\">\n<div class=\"mb-8\">\n<div class=\"author-bio rich-text mt-2 leading-loose lg:text-lg\">\n<p>I have been working as a journalist for over 15 years\u2014I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.<\/p>\n<p>\n                            <a class=\"font-bold\" href=\"https:\/\/www.pcmag.com\/authors\/michael-kan\" aria-label=\"Michael&#039;s Author Bio\" target=\"_blank\" rel=\"noopener\"><br \/>\n                                Read Michael&#8217;s full bio<br \/>\n                            <\/a>\n                        <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<h4 class=\"mt-2 font-bold lg:text-lg\"><span class=\"ez-toc-section\" 
id=\"Learn_the_newest_from_Michael_Kan\"><\/span>Read the latest from Michael Kan<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/section><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you own a printer from China-based Procolored, be careful: The company\u2019s driver files are stuffed with malware, including a Windows-based backdoor. 
Karsten Hahn, a researcher at cybersecurity vendor G Data, reported the findings on Thursday. &#8220;A printer firm offered contaminated printer software for half a year,&#8221; he said. Hahn started [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7605,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":{"0":"post-7603","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-input-devices"},"_links":{"self":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/7603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7603"}],"version-history":[{"count":1,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/7603\/revisions"}],"predecessor-version":[{"id":7604,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/posts\/7603\/revisions\/7604"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=\/wp\/v2\/media\/7605"}],"wp:attachment":[{"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aireviewirush.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}