
Procolored Distributed Malware-Laced Drivers for Half a Year


In an alarming cybersecurity lapse, popular printer brand Procolored has unknowingly distributed malware-infected drivers via its official website for at least six months. The infected software included a Remote Access Trojan (RAT) called XRedRAT and a cryptocurrency stealer known as SnipVex, both capable of compromising user systems and exfiltrating sensitive data.

What Happened?

The malware was embedded in driver installation packages hosted on the Mega file-sharing platform, to which Procolored linked directly from its website. Several of the company’s widely-used DTF and UV printer models were affected, with users unknowingly downloading and installing malicious files alongside their printer drivers.

This wasn’t a small-scale breach or a one-time compromise. It persisted for months, and was only discovered thanks to the vigilance of a YouTuber and hobbyist tech reviewer.

How the Malware Was Discovered

The threat first came to light when Cameron Coward, the creator behind the Serial Hobbyism YouTube channel, downloaded software for a Procolored printer and noticed suspicious behavior. Upon scanning the files, Coward found that his antivirus detected malware.

He alerted the cybersecurity firm G Data, which conducted a deeper analysis. They confirmed the presence of both XRedRAT and SnipVex in the installer packages. According to G Data’s report, the malware had been distributed since at least November 2024, affecting users who had downloaded drivers any time in that window.

Procolored’s Response

Initially, Procolored dismissed the reports, attributing them to false positives from antivirus tools. However, when presented with further evidence, the company acknowledged that its software might have been infected by a USB device used to upload the files to Mega.

Procolored has since:

  • Temporarily removed all software downloads from its official website.
  • Launched an internal investigation to scan all files for malware.
  • Provided clean, verified versions of its drivers, which G Data confirmed as malware-free.

Despite the response, the delay in acknowledging the issue and the insecure distribution method (using Mega links) have raised concerns about the company’s cybersecurity practices.

What Should Users Do?

If you installed Procolored software between November 2024 and May 2025, you may be at risk. Here’s what you should do:

  1. Uninstall the current driver/software packages from your system.
  2. Download and install the updated drivers only from Procolored’s official site, once they’re confirmed clean.
  3. Run a full system malware scan using a trusted antivirus solution.
  4. Monitor your system for unusual behavior (unauthorized remote access, slow performance, strange processes).

Bigger Lessons: Supply Chain Security Is Everyone’s Problem

This incident is yet another example of how supply chain attacks don’t only target large corporations or critical infrastructure. Everyday users, installing software for a printer, can fall victim when companies fail to secure their distribution channels.

Some broader takeaways:

  • Self-host your downloads securely – avoid third-party platforms like Mega unless files are signed and verified.
  • Sign your software with digital certificates to prove authenticity.
  • Conduct regular internal security audits of USB devices and systems used for packaging or uploading software.

For users, the rule remains the same: trust, but verify. Even official websites can be compromised or make mistakes. Always scan downloads and keep your antivirus up to date. Furthermore, be wary of unfamiliar processes after installing new hardware or software.
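As a concrete form of "trust, but verify", the sketch below checks an unpacked driver package against a SHA-256 manifest and also flags files the manifest never listed, since in this incident malicious files were installed alongside the drivers. It is an added example, not code from Procolored or G Data; it assumes the vendor publishes a `sha256sum`-style manifest through a channel separate from the file host, and the file names and contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):  # stream large installers
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <relative path>'."""
    entries = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, name = line.split(maxsplit=1)  # ValueError if the name is missing
        if len(digest) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[name.lstrip("*")] = bytes.fromhex(digest).hex()  # rejects non-hex
    return entries

def verify_package(root, manifest_text):
    """Sort every file under root into ok / mismatch / missing / unlisted."""
    root, expected = Path(root), parse_manifest(manifest_text)
    result = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for name, digest in sorted(expected.items()):
        if not (root / name).is_file():
            result["missing"].append(name)
        elif sha256_file(root / name) == digest:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    # A file the vendor never listed is as suspicious as an altered one.
    on_disk = sorted(p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file())
    result["unlisted"] = [rel for rel in on_disk if rel not in expected]
    return result

def demo():
    """Constructed sample: one intact file, one altered file, one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "setup.exe").write_bytes(b"vendor build")
        (root / "driver.inf").write_bytes(b"altered after release")
        (root / "helper.exe").write_bytes(b"not shipped by vendor")
        manifest = (f"{hashlib.sha256(b'vendor build').hexdigest()}  setup.exe\n"
                    f"{hashlib.sha256(b'original inf').hexdigest()}  driver.inf\n")
        return verify_package(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A manifest only helps if it was produced from a known-clean build and cannot be altered by whoever can alter the files; a manifest generated from already-infected files will match them.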

Final Thoughts

This incident is a stark reminder of the fragility of digital trust. Procolored distributed the malware-infected drivers completely unknowingly, of course. However, this remains a big stain on their reputation. While the company has taken steps to remediate the damage, the months-long exposure and insecure practices point to a need for much stronger cybersecurity hygiene, especially for companies selling devices that integrate closely with user systems.

Janet Andersen

Janet is an experienced content creator with a strong focus on cybersecurity and online privacy. With extensive experience in the field, she’s passionate about crafting in-depth reviews and guides that help readers make informed decisions about digital security tools. When she’s not managing the site, she loves staying on top of the latest trends in the digital world.