Chinese Printer Exposed as Covert Bitcoin Mining Device—Because Why Buy Hardware When You Can Steal It?

Another day, another crypto caper—this time with an inkjet twist. Authorities in Shenzhen uncovered a modified printer quietly siphoning Bitcoin hashes while employees thought it was just jammed (again).

How it worked: Malware-laced firmware turned the innocent office appliance into a full-fledged cryptojacker. The rig bypassed corporate firewalls by disguising traffic as routine print jobs—because nothing screams ’legitimate activity’ like a 24/7 PDF queue.

Finance world shrugs: ’At least they didn’t rug-pull a DeFi protocol this time,’ quipped one hedge fund manager between sips of $28 artisanal coffee. The scheme netted 0.3 BTC before IT noticed the suspiciously high toner temperatures.

Lesson learned? Your office IoT devices aren’t just spying on you—they might be freelancing as crypto miners. Check those energy bills twice.

In Brief

• Procolored printer manufacturer distributes official driver with malware that steals Bitcoin, according to a report.
• Almost $1 million in Bitcoin were stolen, monitoring indicates.
• Company says it resolved the problem, supposedly discovered by a YouTuber.

Manufacturer Distributes Drivers with Bitcoin-Stealing Virus

Owners of a model of Chinese printer Procolored supposedly received an unwanted gift. It is a malware that steals Bitcoin, according to a report from the Chinese news site Landian News.

According to the publication, the company allegedly used a USB flash drive to upload the virus-compromised software to a cloud storage service for global download. In this case, it was a worm malware and a trojan called Foxif.

This episode also adds to a Binance study that exposes critical vulnerabilities in crypto security.

9.3 BTC Stolen

According to MistTrack, the malware diverted 9.3 BTC, just under $1 million at the time of this edition. The Bitcoins were sent to the wallet involved in the attack, as “the official driver provided by this printer loads a backdoor program. It hijacks the wallet address in the user’s clipboard and replaces it with the attacker’s address”, according to the monitoring company.

The malware’s action occurs when the user copies the address, which is modified by the virus before sending. In this case, the transfer ends up being made to the wallet involved in the attack.

Company Speaks Out After YouTuber Discovery

According to the report, Tiansheng Printer acknowledged the infection, stated that it deleted the infected drivers, and checked all files on May 8.

However, the manufacturer’s acknowledgment reportedly came after the insistence of YouTuber Cameron Coward, who is said to have discovered the malware. It started when he installed the software of a Procolored UV printer and was alerted by an antivirus.

Coward reported that he notified Tiansheng, which reportedly blamed his antivirus. Dissatisfied, the YouTuber said he sought help on a Reddit forum and ended up attracting the attention of security company G-Data.

G-Data’s analysis revealed that the drivers were contaminated with a backdoor called Win32.Backdoor.XRedRAT.A and a cryptocurrency thief based on .NET. In this case designed to swap addresses in the clipboard.

The security company advised users to carefully check the system and scan. If possible, to reinstall the printer driver, which must be obtained by direct contact with Tiansheng technical support.

In the United States, Coinbase faces a wave of lawsuits after revelations compromised the cryptocurrency exchange, involving the hack on May 16.

Maximize your Cointribune experience with our "Read to Earn" program! For every article you read, earn points and access exclusive rewards. Sign up now and start earning benefits.