
Malware Found in Chinese Printer Driver Steals 9.3 BTC

Experts believe a third-party developer likely embedded the malicious code, since many Chinese hardware firms outsource driver development.


Cybersecurity researchers have uncovered malware in the official printer driver software distributed by Procolored, a Shenzhen-based printer manufacturer. According to a recent post on X, the malicious code was used to steal 9.3 BTC from unsuspecting users.

According to Landian News, the infected driver was first copied from a USB flash drive and then uploaded to Procolored's official website for public download. It is still unclear whether the company knowingly distributed the malware or whether a third party compromised its distribution chain.

Outsourcing and Malware Delivery Path

Experts believe a third-party software developer may be responsible for embedding the malicious code. They explained that many hardware companies in China outsource their driver development. In this case, the malware was likely added during development and then delivered to Procolored via USB.

To investigate the attack, Yu Xian, founder of blockchain security firm SlowMist, analyzed the malware and detailed how it functions. He found that the driver contains code that monitors the user's clipboard. Whenever the copied text looks like a Bitcoin address, the malware silently replaces it with an address the attacker controls, so a payment the victim pastes into a wallet is sent to the attacker instead.

Xian clarified that while the tactic resembles address poisoning (where an attacker plants look-alike addresses in a victim's transaction history), it is a more traditional clipboard-hijacking method that swaps the address at the moment it is copied. He also noted that the stolen Bitcoin had already been laundered, indicating the attack occurred some time ago.
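To make the mechanism concrete, the following is an added example written for this page; it is not SlowMist's analysis and not the Procolored malware itself. It simulates one polling iteration of a clipboard hijacker against a constructed in-memory clipboard (a stand-in for the OS clipboard), using a hypothetical attacker address, and pairs it with the defensive check a wallet or user can apply: compare the address actually pasted against the address that was meant to be copied.

```python
import re

# Matching heuristics for the two common Bitcoin address formats:
# legacy base58 (P2PKH "1...", P2SH "3...") and bech32 ("bc1...").
# These only recognise the shape of an address; they do not verify checksums.
LEGACY_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
BECH32_RE = re.compile(r"\bbc1[a-z0-9]{25,62}\b")

# Hypothetical attacker-controlled address (constructed for this example).
ATTACKER_ADDRESS = "bc1q" + "attacker" + "0" * 30


def find_btc_address(text):
    """Return the first Bitcoin-looking address found in text, or None."""
    for pattern in (BECH32_RE, LEGACY_RE):
        match = pattern.search(text)
        if match:
            return match.group(0)
    return None


class FakeClipboard:
    """Constructed stand-in for the OS clipboard so the demo runs offline."""

    def __init__(self, content=""):
        self._content = content

    def read(self):
        return self._content

    def write(self, content):
        self._content = content


def clipper_step(clipboard, attacker_address=ATTACKER_ADDRESS):
    """One polling iteration of a clipboard hijacker.

    Reads the clipboard; if it holds a Bitcoin address that is not already
    the attacker's, rewrites the clipboard with the attacker's address in
    its place. Returns the address that was swapped out, or None if nothing
    was changed. Real clippers run this in a loop every few hundred ms.
    """
    content = clipboard.read()
    victim_address = find_btc_address(content)
    if victim_address is None or victim_address == attacker_address:
        return None
    clipboard.write(content.replace(victim_address, attacker_address))
    return victim_address


def paste_guard(intended_address, pasted_text):
    """Defensive check before sending: confirm the pasted address is the
    one the user intended. Returns (ok, reason).

    A checksum-valid address is not enough, because the attacker's address
    is also valid; only an exact comparison against the intended address
    (or an out-of-band confirmation) catches the swap.
    """
    pasted_address = find_btc_address(pasted_text)
    if pasted_address is None:
        return False, "no Bitcoin address found in pasted text"
    if pasted_address != intended_address:
        return False, "address changed between copy and paste: %s -> %s" % (
            intended_address, pasted_address)
    return True, "address matches"


if __name__ == "__main__":
    # Constructed victim address and clipboard contents.
    victim = "1VictimPayeeDemoABCDEFGHJKMNPQRSTU"
    clip = FakeClipboard("Please send to %s today" % victim)
    swapped = clipper_step(clip)
    print("clipper replaced:", swapped)
    print("clipboard now:", clip.read())
    print("paste guard:", paste_guard(victim, clip.read()))
```

Note that the guard only works if the wallet (or the user) still knows the intended address independently of the clipboard, for example by verifying the first and last several characters against the recipient's invoice; a clipper that swaps addresses at copy time leaves nothing wrong with the address itself to detect.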

Long-Term Malware Activity and User Warning

Further analysis revealed that the malware had been active far longer than initially suspected. It was not limited to the printer driver alone, but had been bundled into multiple programs over the years. Records show the first theft happened in April 2016, while the most recent incident took place in March 2024.

Landian News has advised anyone who installed Procolored printer drivers within the past six months to scan their systems using antivirus software. However, they also warned that malware like this can sometimes evade detection. As a stronger measure, users were urged to reinstall their operating systems and inspect all stored files for signs of compromise. Anyone who sent Bitcoin from an affected machine should also confirm that the destination addresses of past transactions match the recipients they intended.

Jonathan Agozie

Jonathan Agozie is a writer dedicated to delivering clear, well-researched, and technically accurate content on blockchain, cryptocurrency, and Web3 technologies. With a strong background in these fields, he simplifies complex topics for a broad audience, ensuring clarity without compromising depth.