Printer company’s official software was infected with malware for months

Printer company Procolored has come under fire after the discovery that its software was infected with malware for at least six months. Procolored offers direct-to-film printers, which allow users to print on various substances, from textiles to plastics.

Cameron Coward of the Serial Hobbyist YouTube channel made the discovery when reviewing a $6k UV printer from the company. 

The discovery

Plugging in a USB flash drive featuring the printer software first raised the alarm. The flash drive was supplied with the printer. After installing software from a ZIP folder on the flash drive, Windows Defender and Google Chrome alerted Cameron to malware threats, specifically a USB-spreading worm and a Floxif infection. 

The Floxif virus is one of the worst infections a system can experience. It can attach itself to and change Windows executables, spreading to network shares, backup systems, and USB drives. It can also install other malware. It can damage system files so severely that they can never be restored to their original state. 

When Coward contacted Procolored, they claimed the antivirus alerts were false positives. Despite that, Coward posted the issue to Reddit, hoping a security expert could dig deeper and find out what was really going on. Karsten Hahn, a researcher at cybersecurity vendor G Data, agreed to investigate.

Digging deeper

Hahn discovered that at least six printer models and the related software hosted on the Mega file-sharing platform featured malware. This software can be accessed from a link on the support section of Procolored’s website.

Hahn found 39 files infected with known malware XRedRAT and previously undocumented clipper malware he has named SnipVex. XRedRAT malware can perform malicious actions such as screenshot capturing, remote shell access, keylogging, and file manipulation. SnipVex infects .EXE files, attaches to them, and replaces clipboard Bitcoin addresses with the attacker’s address. This ensures that the attacker will receive the victim’s crypto transactions. 

Hahn concluded that this malware had been around for at least six months, since the files were last updated in October 2024.

Procolored removes software packages

Despite earlier insistence that the antivirus alerts were false alarms, Procolored took the infected files offline on May 8, 2025. Following this, Hahn contacted the company for more information. When asked how this happened, Procolored’s representative said the virus could have been introduced when the file was transferred from a USB drive to the website. The company initially believed it was a false positive, as their software is Chinese by default, which is often misinterpreted as malicious by international systems that use English by default.

Once Procolored had investigated and reuploaded the software packages, G Data analyzed the files and confirmed they were malware-free.
