Procolored, a Chinese printer manufacturer, has recently been embroiled in a cybersecurity scandal after it was discovered that the company’s official printer drivers were distributing malicious software. The malware, which included a remote access trojan and a cryptocurrency stealer, was found to have been embedded in Procolored’s companion software for at least six months, putting users at serious risk.
Based in Shenzhen, China, Procolored specializes in digital printing solutions such as DTF, UV, and DTG printers. Since its establishment in 2018, the company has experienced rapid growth, expanding its market reach to over 30 countries, including a significant customer base in the U.S.
The issue came to light when YouTuber Cameron Coward, known as Serial Hobbyism, reported detecting malware on his system after installing drivers for a Procolored UV printer. His antivirus flagged a worm known as Floxif, prompting Coward to contact the company for clarification. Procolored initially denied any wrongdoing, claiming the alert was a false positive. However, further investigation by cybersecurity researcher Karsten Hahn confirmed the presence of two pieces of malware: XRedRAT, a remote access trojan, and SnipVex, a Bitcoin clipboard hijacker.
The malware, linked directly from Procolored’s official support site, targeted at least six printer models and replaced copied Bitcoin wallet addresses with those controlled by attackers. This malicious activity resulted in the theft of 9.3 BTC, equivalent to over $953,000. Following public exposure, Procolored’s parent company, Tiansheng, removed the infected drivers and attributed the breach to USB cross-contamination during file transfers.
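The clipboard-swap technique described above can be caught on the defender's side by comparing what the user actually copied with what the clipboard holds at paste time. The following is an added illustration written for this article, not SnipVex's code and not anything Procolored or the researchers published; it assumes a hypothetical monitor that records both "copy" events (from the application the user copied from) and "paste" events (the clipboard content when the user pastes), simulated here with a constructed event list, and the wallet addresses are invented strings that merely match the Bitcoin address formats.

```python
import re
from dataclasses import dataclass

# Format checks only (no checksum validation):
# legacy P2PKH/P2SH addresses start with 1 or 3 and use the Base58 alphabet,
# bech32 (SegWit) addresses start with bc1 and use the bech32 alphabet.
LEGACY_RE = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")
BECH32_RE = re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$")


def is_btc_address(text: str) -> bool:
    """Return True if text has the shape of a Bitcoin address."""
    s = text.strip()
    return bool(LEGACY_RE.match(s) or BECH32_RE.match(s.lower()))


@dataclass
class ClipboardEvent:
    kind: str   # "copy" = text the user copied; "paste" = clipboard content at paste time
    text: str


def audit_clipboard(events):
    """Return (copied, pasted) pairs where a pasted Bitcoin address differs from the last copied one.

    A clipboard hijacker leaves the user's copy action intact but rewrites the
    clipboard afterwards, so the mismatch between the two is the detection signal.
    """
    alerts = []
    last_copied = None
    for ev in events:
        if ev.kind == "copy":
            last_copied = ev.text.strip()
        elif ev.kind == "paste":
            pasted = ev.text.strip()
            if (
                last_copied is not None
                and is_btc_address(last_copied)
                and is_btc_address(pasted)
                and pasted != last_copied
            ):
                alerts.append((last_copied, pasted))
    return alerts


# Constructed sample data (invented addresses; they are not real wallets).
VICTIM_ADDR = "1Victim" + "A" * 27
SWAPPED_ADDR = "1Attacker" + "B" * 25
SEGWIT_ADDR = "bc1q" + "w" * 38

SAMPLE_EVENTS = [
    ClipboardEvent("copy", VICTIM_ADDR),
    ClipboardEvent("paste", VICTIM_ADDR),      # untouched clipboard: no alert
    ClipboardEvent("copy", SEGWIT_ADDR),
    ClipboardEvent("paste", SEGWIT_ADDR),      # untouched clipboard: no alert
    ClipboardEvent("copy", VICTIM_ADDR),
    ClipboardEvent("paste", SWAPPED_ADDR),     # address replaced in transit: alert
    ClipboardEvent("copy", "meeting notes"),
    ClipboardEvent("paste", "meeting notes"),  # non-address text is ignored
]


def main():
    for copied, pasted in audit_clipboard(SAMPLE_EVENTS):
        print(f"ALERT: copied {copied} but clipboard now holds {pasted}")


if __name__ == "__main__":
    main()
```

Running the script on the constructed events reports exactly one alert, for the pair where the pasted address differs from the copied one. The check is deliberately format-based rather than checksum-based, so it also flags a swap between address types (for example a legacy address replaced by a bech32 one), which is the case a user is least likely to notice by eye.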
Users are advised to conduct thorough system scans and consider a full system reinstall if they have used the compromised drivers. Clean driver files are now available upon request from Tiansheng’s technical support.
This incident involving Procolored’s malware-laden printer drivers is part of a broader trend of cybercrime originating in China and spreading across Southeast Asia. Recent reports have linked Chinese-language Telegram marketplace Xinbi Guarantee, registered in the U.S. under Xinbi Co. Ltd., to large-scale crypto scams totaling $8.4 billion in stablecoin transactions. The platform offers illicit services such as money laundering, fake IDs, tech hardware, and stolen personal data, operating on a “guarantee” model to maintain trust among criminals.
The discovery of Bitcoin-stealing malware in Procolored’s software underscores the growing threat of cyber fraud facilitated by underground economies and the misuse of stablecoins. It serves as a stark reminder of the importance of cybersecurity measures and vigilance in the digital age.