Chinese Printer Company Caught Distributing Bitcoin-Stealing Malware
Over $950K in BTC stolen via official driver downloads from Procolored printers

A shocking report has revealed that Shenzhen-based printer manufacturer Procolored distributed Bitcoin-stealing malware through its official printer drivers. According to a May 19 investigation by Chinese outlet Landian News and cybersecurity firm G-Data, Procolored’s software uploads included malicious code capable of hijacking cryptocurrency transactions.
The malware, embedded in USB drivers and uploaded to file-sharing platforms like MEGA, replaced Bitcoin wallet addresses that victims had copied to the clipboard with addresses belonging to the attackers. Victims then unknowingly sent funds to the wrong address. So far, at least 9.3 BTC, worth over $953,000, have been stolen.
The malware was first flagged by YouTuber Cameron Coward, who encountered it while reviewing a Procolored UV printer. His antivirus software detected the presence of a worm and a trojan known as "Foxif." After sharing his findings on Reddit, cybersecurity experts at G-Data launched a formal investigation.
Their analysis uncovered two specific threats: the backdoor Win32.Backdoor.XRedRAT.A and a clipboard address replacement tool targeting Bitcoin users. These malicious files had reportedly been available since October 2023.
When contacted, Procolored initially dismissed the allegations, claiming the antivirus detection was a false positive. However, the company later admitted the breach, attributing it to a supply chain compromise involving infected USB devices. It has since deleted the infected files from its cloud storage and claims to have re-scanned all driver files as of May 8.
Landian News advises anyone who installed Procolored drivers in the past six months to immediately run a full antivirus scan—or better yet, reinstall their operating system—to eliminate potential threats.
This case underscores growing concerns over hardware supply chain security and the ease with which everyday devices can be weaponized to steal crypto.