YouTuber Uncovers Malware in Procolored Printer Software
For at least six months, software bundled with some of Procolored’s digital printers contained malware — a discovery made by Cameron Coward, a YouTuber who goes by Serial Hobbyism, according to multiple news sources. Procolored sells direct-to-film (DTF), UV DTF, and direct-to-garment printers, among other digital printing solutions.
The malware, found by Coward during a Procolored printer product review, came in the form of a “remote access trojan and a cryptocurrency stealer,” according to a report by BleepingComputer. Coward’s antivirus software and Google Chrome browser flagged malware threats when he installed the software and drivers for the Procolored V11 Pro UV Printer, reports PCMag. He was hit with Floxif, a spreadable file infector, according to G Data, a cybersecurity research company that investigated the cyber threats.
After some research, Coward discovered that other Procolored printer owners reported viruses, so he contacted Procolored, which denied the presence of any viruses and said it was “some kind of false positive,” according to Coward’s review on Hackster.io.
“That wasn’t a satisfactory answer, of course,” Coward adds. “But I’m not one to throw around accusations without being sure, so I went and asked some experts on Reddit. Several people were kind enough to investigate and analyze the available software. All of them reported that there were, indeed, many viruses and that a lot of them were very serious.”
Karsten Hahn, a principal malware researcher at G Data CyberDefense, was one of those people, sharing, “I checked the files yesterday and found several files with XRed backdoor and a malicious Coinminer. There is no doubt that several files provided in the download section are malicious.”
In Hahn’s investigation, he found that at least six printer models’ software (F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro) — hosted on Procolored’s Mega file sharing platform — contained malware. He found 39 files infected with two types of malware — XRedRAT and SnipVex. For a more in-depth look at each of those, check out his blog.
“All these software downloads are available on Mega.nz with a different mega folder link for each product,” Hahn states. “Overall, there are 8 GB of files and archives for all six products. Most files were last updated in October 2024, which is six months ago at the time of writing.”
Procolored’s Response
Despite Procolored initially telling Coward there were no viruses in its software, the company pulled the software from the Mega.nz platform on May 8, according to BleepingComputer, and began an internal investigation. Following the removal of the software downloads from Mega.nz, Hahn reached out to Procolored with the details of the infected files from his investigation, asking for an official statement.
He put three items to the company: “How did this happen?”, “How will you make sure this does not happen again?” and “Advice for potentially affected customers.” The company’s responses to each, respectively:
- “The software hosted on our website was initially transferred via USB drives. It is possible that a virus was introduced during this process. Additionally, as the PrintEXP software is in Chinese by default, some international operating systems may incorrectly flag or misinterpret it as malicious, especially if the system does not handle non-English programs well.”
- “As a precaution, all software has been temporarily removed from the Procolored official website. We are conducting a comprehensive malware scan of every file. Only after passing stringent virus and security checks will the software be re-uploaded. This is a top priority for us, and we are taking it very seriously.”
- “For the users who have reported related issues, Procolored engineers have already provided individual support and solutions. Once all software has been thoroughly reviewed and confirmed safe, we will update the website and notify customers through our official channels to download the latest version.”
Hahn received the updated software files and confirmed they were clean and malware-free.
In a May 19 statement on its Facebook page, Procolored apologized for the “recent software issues” and shared details of its preventative measures for the future.
While the issue appears to be resolved, Coward tells buyers to run full scans and, in the best-case scenario, run any software on “dedicated, isolated computers.”