Procolored printer
Nowadays, we’re used to the fact that even the most expensive devices can sometimes have flaws — but rarely do you expect a professional printer costing several thousand dollars to bring dangerous malware with it. Yet that’s exactly what happened to customers of Procolored, a brand that specializes in direct-to-shirt printers for T-shirts and other merchandise. And this story is very revealing.
Cameron Coward, an American enthusiast and blogger, bought one of Procolored’s flagship printers for about $6000. Along with the device, he received a USB flash drive with the official software for managing the printer. Coward said that as soon as he plugged the flash drive into his computer, his antivirus immediately raised the alarm: it detected a worm called Floxif, which spreads through USB drives.
Coward contacted the manufacturer, but they replied that the antivirus detection was "a false positive". Doubting this, Cameron turned to Reddit users for help. There, Carsten Hahn, a security analyst at G Data, got involved in the situation. His analysis revealed an even bigger problem.
Hahn examined the software hosted on the official Procolored cloud storage (using the MEGA service). Although he did not find Floxif itself there, he did find two other types of threats in 39 files. One is the XRedRAT backdoor, which allows attackers to gain access to the victim’s system. The second was a cryptocurrency stealer that installed a new and previously unknown infector, which Hahn named SnipVex.
Both pieces of malware were linked to command-and-control servers that had already been shut down at the time of the scan. Hahn didn’t analyze Floxif, as he had enough samples.
"Floxif infection is one of the most dangerous. It corrupts system files to the point where they are almost impossible to recover," Hahn warned.
Carsten managed to get a more complete response from Procolored than Coward did. The company admitted that the USB drive could have been infected while the software was being written to it. They also pointed out that the PrintEXP installer uses a Chinese localization by default, which can cause international operating systems to display warnings about a potential threat.
After that, Procolored suspended the distribution of its official printer software to check the packages for viruses and malware. Hahn confirmed that the new versions of the software are already "clean". However, for an infection with Floxif or similar malware he advised a more radical method: completely formatting the computer and reinstalling the OS.
This story is another reminder that even expensive, brand-name equipment does not guarantee security. If you buy a device that requires installing additional software, especially from physical media, be sure to scan everything with an antivirus and do not ignore even a single warning. Manufacturers, for their part, should monitor their software supply and assembly chains more closely.
Source: techspot