Procolored: Printer company serves malware für six months, claims "false positive" warnings
www.gdatasoftware.com
What do a coin stealer, an abandoned backdoor and a file infector have in common? They all resided in the download section on the website of a printer company - stowed away in installer files for drivers and utilities. We took a closer look.

This is called a superinfection—a file or system that has been infected several times. It typically occurs on systems that do not have antivirus software. It also fits that Cameron had a warning for Floxif. Systems that have been neglected in terms of basic security often become hosts to multiple types of self-replicating malware.

The virus infection also explains why a total of 39 files in the downloads section of Procolored were infected. SnipVex likely replicated itself on a developer’s system or the build servers.

It made a bit of money for the threat actor along the way. Blockchain explorer shows that the threat actor’s BTC address has received a total of 9.30857859 BTC—equivalent to approximately $100.000,00 or 90.000,00 EUR today.

  • ExtremeDullard@lemmy.sdf.orgEnglish
    3·
    3 days ago

    It’s almost as if printer manufacturers looked at the advertisement industry one day and thought “You know what? We should try our utmost to become as hated and as reviled as these people.”