Date: 2025-05-21

The official printer driver of Procolored, a subsidiary of Tiansheng, was infected with a virus. The code contained a backdoor program that was used to steal cryptocurrency. The malicious software replaced a cryptocurrency wallet address copied to the clipboard with the attacker's wallet address (a so-called clipper virus). The number of bitcoins stolen by hackers reached 9.3 BTC, which is almost $1 million at the time of writing.

The attacker’s address 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj was active from April 22, 2016, to March 14, 2024.

The infection occurred via a flash drive carrying malware. After the backdoor infection, Tiansheng placed the infected drivers on a network drive for users worldwide to download.

The hijacker’s address may be linked to several other incidents, as this type of Trojan has been infecting various programs for almost 8 years.
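A defensive check for the clipboard substitution described above, as an added example that is not part of the original article or of MistTrack's tooling: it compares the address a user copied with the one that was pasted, and flags the attacker address named in the article. The function names and verdict strings are hypothetical, the genesis-block address is a constructed sample input, and only legacy Base58Check addresses are covered (bech32 is not).

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Attacker address reported in the article above, used as a blocklist entry.
KNOWN_CLIPPER_ADDRESSES = {"1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj"}


def is_base58check_address(text):
    """True if text is a 25-byte Base58Check string (legacy P2PKH/P2SH form)."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return False
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    # Each leading '1' encodes one leading zero byte.
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4] == checksum


def check_paste(copied, pasted, blocklist=KNOWN_CLIPPER_ADDRESSES):
    """Compare what the user copied with what was pasted (hypothetical helper)."""
    copied, pasted = copied.strip(), pasted.strip()
    if pasted in blocklist:
        return "known_clipper_address"
    if copied == pasted:
        return "ok"
    # Two different, individually valid addresses: the clipper pattern.
    if is_base58check_address(copied) and is_base58check_address(pasted):
        return "substituted"
    return "changed"


if __name__ == "__main__":
    # Constructed sample: the well-known Bitcoin genesis-block address.
    intended = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    print(check_paste(intended, intended))
    print(check_paste(intended, "1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj"))
```

A wallet or payment form would run `check_paste` at paste time and refuse to proceed on any verdict other than `ok`.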

Source: MistTrack