Atlas21
  • ‎
No Result
View All Result
Atlas21
No Result
View All Result
Atlas21
Home Bitcoin

Bitcoin malware discovered: Chinese printer manufacturer involved

Newsroom by Newsroom
May 21, 2025
in Bitcoin
virus
Share on FacebookShare on TwitterShare on Linkedin

A Chinese printer company inadvertently distributed malware that steals Bitcoin through its official drivers, resulting in the theft of over $950,000.

According to local media outlet Landian News, a Chinese printer manufacturer was found to have unknowingly distributed malware designed to steal Bitcoin through its official device drivers.

Procolored, a Shenzhen-based printer company, distributed malware capable of stealing Bitcoin alongside the official drivers for its devices. The company reportedly used USB devices to spread infected drivers and uploaded the compromised software to globally accessible cloud storage services.

Crypto security and compliance firm SlowMist explained how the malware works in a post on X:

🚨 The official driver provided by this printer carries a backdoor program. It will hijack the wallet address in the user's clipboard and replace it with the attacker's address: 1BQZKqdp2CV3QV5nUEsqSg1ygegLmqRygj

🕵️ According to @MistTrack_io, the attacker has stolen 9.3086… https://t.co/DHCkEpHhuH pic.twitter.com/W1AnUpswLU

— MistTrack🕵️ (@MistTrack_io) May 19, 2025

The consequences of the breach have been significant, with a total of 9.3 BTC stolen — equivalent to over $950,000.

The issue was first flagged by YouTuber Cameron Coward, whose antivirus software detected malware in the drivers during a test of a Procolored UV printer. The software identified both a worm and a trojan virus named Foxif.

When contacted, Procolored denied the accusations, dismissing the antivirus warning as a false positive. Coward then turned to Reddit, where he shared the issue with cybersecurity professionals, drawing the attention of security firm G Data.

G Data’s investigation revealed that most of Procolored’s drivers were hosted on the MEGA file-sharing platform, with uploads dating back to October 2023. Their analysis confirmed the presence of two separate malware strains: the Win32.Backdoor.XRedRAT.A backdoor and a crypto-stealer designed to replace clipboard wallet addresses with those controlled by the attacker.

G Data reached out to Procolored, which stated that it had removed the infected drivers from its storage as of May 8 and had re-scanned all files. The company attributed the malware to a supply chain compromise, saying the malicious files were introduced via infected USB devices before being uploaded online.

Landian News recommended that users who downloaded Procolored drivers in the past six months “immediately run a full system scan using antivirus software.” However, given that antivirus tools are not always reliable, the Chinese media outlet suggested that a full system reset is the safest option when in doubt.

Previous Post

JPMorgan to allow clients to buy Bitcoin ETFs: no custody services

Next Post

Bitcoin in Strive’s sights: 75,000 BTC from Mt. Gox among its targets

Latest News

Jeff Booth: Bitcoin is a protocol, not an asset
Bitcoin

Jeff Booth: Bitcoin is a protocol, not an asset

by Newsroom
July 2, 2026
0

The distinction between store of value and monetary protocol determines, according to Booth, the very fate of the network over...

Read moreDetails
La Fed pubblica i primi dati dello studio sui pagamenti 2025
Industry

Fed releases first data from the 2025 payments study

by Newsroom
July 2, 2026
0

The Federal Reserve's triennial study captures a system digitalising under state stewardship: whoever controls payment infrastructure data controls the currency.

Read moreDetails
Raccontare Bitcoin tramite l’arte
Feature

The Fed’s independence is a legal fiction

by Federico Rivi
July 1, 2026
0

The SCOTUS rulings of 29 June 2026 on independent agencies reveal that the American central bank has always been, in...

Read moreDetails
trump
Industry

Trump discloses over $1.4 billion in digital asset income for 2025

by Newsroom
July 1, 2026
0

The president's financial disclosures show a structural overlap between executive power and the digital asset sector that Congress cannot ignore.

Read moreDetails
Industry

EFF maps the data collected by age verification in the UK

by Newsroom
July 1, 2026
0

The UK's Online Safety Act requires platforms to identify their users: behind every age check lies a surveillance system with...

Read moreDetails
Atlas21

© 2026 Atlas21

Navigate Site

  • Editorial Policy
  • Cookie Policy
  • Privacy Policy
  • Team

Follow Us

No Result
View All Result
  • Bitcoin 101
    • What Is Bitcoin? A Complete Guide
    • Bitcoin Security: A Complete Guide
    • Bitcoin Privacy: A Complete Guide
    • Lightning Network: A Complete Guide
    • Bitcoin Mining: A Complete Guide
    • Advanced Bitcoin: A Technical Guide
  • Learn
  • Latest News
  • Interviews
  • Opinion
  • Feature
  • B2B Services
  • About Us
  • Contacts

© 2026 Atlas21

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site, we will assume that you are happy with it.