
A backdoor and a clipbanker were found in the downloadable software, and a potentially very harmful worm may be sitting on the USB stick that ships with the printer for software installation.
It’s a sad truth that you can never let your guard down when it comes to malicious software, even when buying a $6,000 USD professional-grade printer. Tech reviewer Cameron Coward found this out the hard way while reviewing a Procolored V11 Pro DTO UV Printer over on Hackster (via Techspot). The printer is supposed to be a fairly high-quality device for those looking to make UV transfers, but he found some pretty nasty software hiding on the included USB stick.
Coward, who’s also behind the Serial Hobbyism YouTube channel, got lucky when his computer’s antivirus flagged software on the included Procolored installation USB stick as malicious. It identified the malware as Floxif, a file-infecting worm with a track record of wrecking computers that typically spreads via USB drives. It’s not quite as scary as ransomware on a CPU, but it’s still fortunate he did not go ahead with the installation.
Instead, Coward tried to download and install a fresh copy from Procolored’s website, but that download was flagged as malicious along the way too. He sensibly contacted Procolored to ask about the problem. The company told him it was a false positive and encouraged him to go ahead and install the software. Thankfully Coward didn’t, and instead turned to the internet for more help on the issue.
It turned out there were quite a few people already talking about finding viruses in Procolored’s software, so he brought the problem to Reddit. Thankfully the white-hats there were happy to help, and every one of them who looked reported finding malware in the software.
One of these heroes, Karsten Hahn, Principal Malware Researcher at G DATA CyberDefense, said: “I checked the files yesterday and found several files with XRed backdoor and a malicious Coinminer. There is no doubt that several files provided in the download section are malicious.”
While Hahn didn’t find Floxif in the downloadable software, he did find the XRed backdoor plus a second component that, on closer analysis, turned out to be a clipbanker: a trojan that watches the clipboard for cryptocurrency wallet addresses and silently swaps in the attacker’s own, so that a victim pasting an address ends up paying the attacker. The good news is that the backdoor points to a command-and-control address that is no longer in use, so that part is likely inert. The odd thing is that the clipbanker was previously unknown, so Hahn dubbed it SnipVex, and it turns out to be a bit nastier than first implied.
SnipVex’s primary purpose appears to be stealing cryptocurrency, but as far as Hahn could tell the attacker’s wallet addresses haven’t seen any activity since last year. The live threat today is instead its ability to infect other executable files on the machine and spread from there. Thankfully that is not the hardest thing to recover from, but it is insidious: because a file infector can have touched any .exe on the system, the safest course of action is a clean reinstall rather than deleting the one file the antivirus pointed at.
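A file infector has to put its own code somewhere inside each host executable it touches, and one cheap, generic check for that is to compare a PE file’s size against the end of its last section: anything past that point is an “overlay” that the Windows loader never maps. The script below is an added example written for this page, not code from Procolored, G DATA or Hahn’s analysis, and it makes no claim about how SnipVex specifically lays out an infected file. It parses the section table, reports the overlay size, and flags a second `MZ` header in the overlay, which is what an appending infector that stashes the original host after its own body would leave behind. The sample PE files it builds are constructed for the demo and are not runnable programs.

```python
"""Overlay heuristic for spotting appended file-infector payloads (added example)."""
import os
import struct
import tempfile


def pe_image_end(data: bytes) -> int:
    """Offset just past the last section's raw data, per the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt                 # first IMAGE_SECTION_HEADER
    end = table + num_sections * 40              # never below the headers themselves
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def overlay_report(data: bytes) -> dict:
    """Size of any data past the mapped image, plus a check for a second executable in it."""
    end = pe_image_end(data)
    overlay = data[end:]
    return {
        "image_end": end,
        "overlay_size": len(overlay),
        # Appenders commonly leave a whole second PE (the original host, or the
        # infector itself) after the image; signatures and installer payloads do not.
        "embedded_exe": b"MZ" in overlay,
    }


def scan_directory(path: str) -> list:
    """Return (filename, report) for every .exe in `path` that carries an overlay."""
    hits = []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if not entry.name.lower().endswith(".exe"):
            continue
        with open(entry.path, "rb") as fh:
            try:
                rep = overlay_report(fh.read())
            except (ValueError, struct.error):
                continue                         # not a (well-formed) PE, skip it
        if rep["overlay_size"]:
            hits.append((entry.name, rep))
    return hits


def build_minimal_pe(section_data: bytes, overlay: bytes = b"") -> bytes:
    """Constructed sample: a structurally valid single-section PE32, not a runnable program."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 224                               # PE32 optional header, zeroed except Magic
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    raw_ptr = 0x200                              # section data on a 512-byte file boundary
    section = (b".text\0\0\0"
               + struct.pack("<IIII", len(section_data), 0x1000, len(section_data), raw_ptr)
               + struct.pack("<IIHHI", 0, 0, 0, 0, 0x60000020))
    headers = dos + b"PE\0\0" + coff + opt + section
    assert len(headers) <= raw_ptr
    return headers.ljust(raw_ptr, b"\0") + section_data + overlay


def demo_scan() -> list:
    """Write a clean and an 'infected' constructed sample to a temp dir and scan it."""
    clean = build_minimal_pe(b"\x90" * 64)
    # Constructed infected layout: a small foreign image with the whole host appended.
    infected = build_minimal_pe(b"\xcc" * 32, overlay=clean)
    with tempfile.TemporaryDirectory() as d:
        for name, blob in (("clean.exe", clean), ("infected.exe", infected)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(blob)
        return scan_directory(d)


if __name__ == "__main__":
    for name, rep in demo_scan():
        print(name, rep)
```

Treat a hit as a reason to look, not a verdict: Authenticode signatures and self-extracting installers also live in the overlay, so compare the flagged file against a known-good copy or the vendor’s hash before drawing conclusions.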
Hahn also notes that while a few of his counterparts on Reddit feel the malware was placed intentionally, that seems unlikely: dead command-and-control and wallet addresses don’t grant an attacker anything. It is more likely that the software was infected by accident somewhere along the way, but Procolored’s response, waving the detections off as a false positive and telling a customer to install anyway, is still very disappointing.
This is a friendly reminder that if something seems suspicious when downloading or installing software, it probably is, even if it comes with a $6,000 machine. A vendor’s assurance that a detection is a false positive is not evidence on its own. Plus it never hurts to get online and check whether your friendly neighbourhood hackers can help investigate these things.
If you’re looking to purchase one of these machines, I’d recommend giving Hahn’s breakdown of the malware a good read. It gives you a better idea of the kind of nefarious things hiding in these software packages, what they can do, and what to look for. Stay safe out there, everyone.