Printer manufacturer infected customer PCs for months

Alfonso Maruccia

Facepalm: Procolored builds high-end direct-to-film printers used for customizing t-shirts and other products. Recently, its official software delivered dangerous malware to customers' systems, exposing serious security flaws in what should be trusted professional-level equipment.

Purchasing computer peripherals like printers should be a relatively safe experience. However, tech hobbyist Cameron Coward recently found that some ultra-high-end printers costing thousands of dollars were infecting PCs with malicious software. He uncovered the security threat while installing management software for a $6,000 Procolored printer. The software came on a USB flash drive included with the device, but his antivirus flagged it as carrying a USB-spreading worm known as Floxif.

Coward contacted Procolored, but the company claimed the antivirus alert was a false positive. Unconvinced, he turned to Reddit for help. A malware analyst from G Data examined the software and uncovered several serious threats hidden in the package.

Karsten Hahn examined the software packages hosted by the printer manufacturer on the cloud storage service Mega. Although he found no trace of the Floxif file infector, he identified two separate threats across 39 files: a backdoor called XRedRAT and a cryptocurrency stealer designed to deploy a previously unknown file infector he dubbed "SnipVex."

Hahn traced both malware samples to command-and-control servers that had already gone offline. Coward offered a copy of the Floxif malware, but the G Data analyst declined, saying he already had enough samples.

"An infection with a virus like Floxif is one of the most severe, damaging system files beyond proper repair," Hahn warned.

Hahn also contacted Procolored and received more detailed responses than Coward had gotten in his initial interaction. The company speculated that the malware might have infected the USB drive during the software transfer. They also noted that the PrintEXP package is Chinese by default, which could cause some international operating systems to flag it as potentially dangerous.

Procolored subsequently decided to temporarily halt official printer software releases to thoroughly check the packages for security issues before re-uploading them. Hahn confirmed the new packages are clean but warned that the safest mitigation for infections as dangerous as this is to reformat all drives and reinstall the operating system.
