Remember when the biggest printer problem was paper jams? Those were simpler times. Today, you might plug in your shiny new $7,000 Procolored printer only to discover it’s serving something extra with those color prints—malware that empties your crypto wallet.
For at least six months, Procolored—a Chinese manufacturer making waves with affordable professional printing solutions—has been accidentally shipping malware-laden software with its high-end printers. The infected files came both on USB drives packaged with the hardware and through official downloads on their website. It’s the kind of hidden vulnerability that opens the door to billion-dollar laundering schemes in the crypto world—proof that digital breaches don’t always start with a hack, but often with something as simple as plugging in a printer.
Your PC Never Stood a Chance
If you’re unfamiliar with what XRedRAT and SnipVex, the two malicious programs found in the Procolored software, can do, imagine giving a stranger the keys to your digital life. These nasty programs capture your keystrokes, take screenshots, manipulate files, and even replace Bitcoin addresses in your clipboard with ones controlled by attackers.
The malware was so effective that security researchers have tracked over 9.3 BTC (nearly $950,000) stolen through this clipboard hijacking technique alone. That’s one expensive printer accessory you never asked for. And it’s just a small piece of a much larger puzzle — one of many stealthy exploits contributing to the staggering wave of crypto losses in 2024, despite supposed advances in cybersecurity.
Caught with their digital pants down, Procolored initially tried the classic “it’s not us, it’s you” defense, suggesting the infections might be from “international OS incompatibility” or “USB cross-contamination.” They might as well have blamed it on solar flares or Mercury retrograde.
Only after tech YouTuber Cameron Coward and security firm G Data published undeniable evidence did the company admit the problem and remove the infected software from their website.
Protecting Your System
The infection has been traced to at least six printer models (the F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro), and the reported source is a USB drive infected by the Floxif USB worm. That’s right, someone at a printer company plugged an infected USB drive into their production system. It’s like cybersecurity 101 written in crayon.
If you suspect your system is infected, look for unexplained system slowdowns, unusual network activity, or modified Bitcoin addresses when copying and pasting. Multiple security vendors, including Malwarebytes and G Data, now detect these threats, so run a scan with updated definitions immediately.
For Procolored owners, a standard antivirus scan might not be enough. Since SnipVex modifies executable files, you’ll need to delete all Procolored software, download clean versions from their updated website, and perform a full system scan. Security experts recommend using multiple scanning tools like Malwarebytes, HitmanPro, and Windows Defender in sequence to catch everything.
If you’ve handled cryptocurrency on an infected machine, change your wallet passwords immediately and check your transaction history for unauthorized transfers.
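The clipboard symptom mentioned above (an address that changes between copy and paste) can be checked in code. This Python sketch is an added example, not code from the researchers or vendors named in this article. The function names and the two sample addresses, built from dummy hashes, are assumptions, and only legacy Base58Check addresses are handled.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58Check shape only (1... / 3...); bech32 (bc1...) is out of scope.
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, hash160: bytes) -> str:
    """Base58Check-encode a 20-byte hash; used here only to build sample data."""
    raw = bytes([version]) + hash160
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def is_valid_address(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 are the right checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")     # OverflowError if the value is too large
    except (ValueError, OverflowError):
        return False
    zeros = len(raw) - len(raw.lstrip(b"\x00"))
    ones = len(addr) - len(addr.lstrip("1"))
    return zeros == ones and _checksum(raw[:21]) == raw[21:]

def check_paste(copied: str, pasted: str) -> str:
    """Compare the valid addresses in the copied text with those pasted."""
    src = [a for a in ADDR_RE.findall(copied) if is_valid_address(a)]
    dst = [a for a in ADDR_RE.findall(pasted) if is_valid_address(a)]
    if not src:
        return "no-address"
    # A clipper substitutes a checksum-valid address, so validity alone
    # proves nothing; only equality with the intended address does.
    return "match" if src == dst else "MISMATCH"

# Constructed sample data: dummy hashes, not real wallets.
INTENDED = encode_address(0x00, bytes.fromhex("11" * 20))
SUBSTITUTE = encode_address(0x00, bytes.fromhex("22" * 20))

if __name__ == "__main__":
    print(check_paste(f"Pay to {INTENDED}", f"Pay to {INTENDED}"))
    print(check_paste(f"Pay to {INTENDED}", f"Pay to {SUBSTITUTE}"))
```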
Industry Wake-Up Call
This incident represents more than just one company’s embarrassing mistake—it’s a sobering reminder of how fragile our trust in the tech supply chain has become. Even legitimate purchases from established manufacturers can become vectors for attack.
The Procolored case will likely trigger increased scrutiny of smaller hardware manufacturers, especially those from regions with limited regulatory oversight. Expect to see more companies implementing code signing and integrity verification for their drivers as standard practice.
For consumers, this should serve as a wake-up call about the risks that come with niche hardware. That bargain printer might save you a few hundred dollars upfront, but the potential security costs make that “deal” look considerably less attractive.
This incident offers an uncomfortable reminder that even legitimate companies can unknowingly turn your expensive hardware purchase into a Trojan horse. The next time a device asks you to install its proprietary software, maybe take a moment to run it through a virus scanner first.