Procolored Printer Drivers Linked to Major Bitcoin-Stealing Malware Attack
May 19, 2025
Reports indicate that Procolored has been distributing malware-infected software to customers for the past six months, raising serious security concerns.
The malware operates by hijacking wallet addresses copied to the clipboard and replacing them with the attacker's address, as detailed by crypto compliance firm SlowMist.
In light of these revelations, users who downloaded Procolored drivers in the last six months are advised to perform full system scans with antivirus software and consider complete system resets.
Chinese printer manufacturer Procolored has been implicated in a significant supply chain attack that has led to the distribution of Bitcoin-stealing malware through its official drivers.
Despite the allegations, Procolored has denied any wrongdoing, claiming that the antivirus detections were false positives and attributing the malware's introduction to infected USB devices.
The issue first came to light when YouTuber Cameron Coward discovered malware while testing a Procolored UV printer, with his antivirus flagging it as containing a worm and a trojan virus named Floxif.
The malware was spread via USB drivers and compromised software uploaded to cloud storage for global access, exacerbating the issue.
In response to the crisis, Procolored removed all software from its website on May 8, 2025, and initiated an investigation into the security breach.
Interestingly, some of the malware's command-and-control infrastructure had been inactive since early 2024, suggesting that the immediate threat may have diminished.
Cybersecurity researchers from G Data confirmed that the malware includes backdoors, infostealers, and cryptocurrency stealers, which have collectively resulted in the theft of approximately 9.3 BTC, valued at over $953,000.
The investigation identified six affected product lines: F8, F13, F13 Pro, V6, V11 Pro, and VF13 Pro.
G Data's investigation revealed the presence of two types of malware in Procolored's drivers, including Win32.Backdoor.XRedRAT.A, after analyzing files hosted on the MEGA file storage service.
Summary based on 3 sources
Sources

TechRadar Pro • May 19, 2025
Procolored printers shipped out with malware-ridden drivers for half a year
Cointelegraph • May 19, 2025
Chinese printer maker spread Bitcoin stealing malware — Report
Cointelegraph • May 19, 2025
Chinese printer maker spread Bitcoin stealing malware — Report