Procolored: Printer company serves malware für six months, claims "false positive" warnings
www.gdatasoftware.com
What do a coin stealer, an abandoned backdoor and a file infector have in common? They all resided in the download section on the website of a printer company - stowed away in installer files for drivers and utilities. We took a closer look.

This is called a superinfection—a file or system that has been infected several times. It typically occurs on systems that do not have antivirus software. It also fits that Cameron had a warning for Floxif. Systems that have been neglected in terms of basic security often become hosts to multiple types of self-replicating malware.

The virus infection also explains why a total of 39 files in the downloads section of Procolored were infected. SnipVex likely replicated itself on a developer’s system or the build servers.

It made a bit of money for the threat actor along the way. Blockchain explorer shows that the threat actor’s BTC address has received a total of 9.30857859 BTC—equivalent to approximately $100.000,00 or 90.000,00 EUR today.

  • Bakkoda@sh.itjust.worksEnglish
    3·
    5 days ago

    Thank you for actually putting the company name in the headline it’s like the 4th time I’ve seen this article and the rest were just click bait style.