Infected Printer USB Software: A Wake-Up Call for Removable Media Protection
by OPSWAT
Malware Discovered in Printer Software Exposes Removable Media Risks
While attention is focused on ransomware, phishing campaigns, and nation-state threats, often-overlooked attack vectors such as USB drives continue to pose a threat to critical infrastructure. A recent incident involving malware-infected printer software from Procolored is a reminder of the dangers of peripheral and removable media-borne threats.
When Your Printer Becomes a Threat
A recent investigation by G DATA revealed that a malware-infected printer software package was inadvertently distributed by the printer manufacturer, Procolored, via its official site and other associated third-party platforms. The malicious package included a USB-spreading worm, a type of clipbanker malware designed to target crypto wallets, and the XRedRAT backdoor, which enables full remote system access.
It is an attack vector that most users would not see coming. What made this incident especially dangerous is that the malware was embedded in trusted installation software distributed directly by the manufacturer. As a result, anyone using a printer with the exploited software or a USB drive carrying its embedded software is at risk.
Such an infection opens the door for malware to spread silently across systems via USB drives, bypassing traditional network-based defenses, especially in organizations that rely on removable media for device setup or for data transfer between air-gapped operations. This is not just an isolated incident by a vendor. It highlights a broader, underestimated risk in enterprise environments.
Why USB-Based Attacks Still Work
The 2025 SANS ICS/OT Cybersecurity Budget survey revealed that 15.2% of the initial attack vectors on OT and control systems originate from removable media. While USB-based attacks are not new, they remain highly effective for multiple reasons:
Air-gapped and OT systems often rely on USB drives to deliver software updates and patches
Users often trust vendor-provided media without validating it
Malware can execute automatically or trick users into clicking infected installers
The infected printer USB isn’t an isolated case. We can no longer assume that physical media is safe if it’s official. This incident is not just a vendor oversight. If a simple printer driver can compromise an enterprise, imagine what’s possible with more complex attacks. Peripheral and removable media protection is no longer optional; it's foundational.
Itay Glick
VP of Products, OPSWAT
Effective Solutions to Prevent USB-Based Infections
To defend against risks like the Procolored malware, OPSWAT offers two critical layers of protection:
MetaDefender Kiosk: Secure Removable Media Threats at the Point of Entry
To defend against USB-based attack vectors, MetaDefender Kiosk™ acts as a physical scanning station to safeguard organizations’ assets. It integrates with proven, industry-leading solutions and technologies to sanitize data before it enters critical environments. Combined with solutions like MetaDefender Managed File Transfer™ and MetaDefender Media Firewall™, other layers of defense can be added to help with safe file transfers and scan policy enforcement.
MetaDefender Endpoint: Pre-Run Protection and Device Control
MetaDefender Endpoint™ protects devices inside critical OT networks from peripheral and removable media threats by blocking all removable media usage until security conditions are met. Once a scan is complete and the scanned media is considered safe to use, the user can proceed to access the files within. This process was proven to protect files and data from known, unknown, and AI-generated threats.
Industry-Leading Core Technologies
Both MetaDefender Kiosk and MetaDefender Endpoint utilize proven, globally trusted technologies, like MetaScan™ Multiscanning, which reaches a 99.2% malware detection rate with 30+ anti-malware engines. They also employ the Deep CDR™ technology to proactively remove malicious content from files and regenerate safe, usable versions. Along with vulnerability assessments that identify known software flaws in removable media and robust protection against sensitive data leaks, both solutions provide deep, multi-layered defense for IT/OT networks against peripheral and removable media threats.
At OPSWAT, our philosophy is simple: trust no file, trust no device. Even vendor-supplied media can become a threat. That’s why we focus on enforcing security policies at the point of entry, scanning all peripheral and removable media, inspecting every file, and securing every endpoint.
Itay Glick
VP of Products, OPSWAT
Final Thoughts
The Procolored incident shows that USB-embedded software, even when provided by trusted vendors, can be compromised. Software obtained through official channels can double the impact caused by other malware.
To see how OPSWAT can help protect your organization against downloaded and media-borne threats, even when they come from a trusted vendor, as the Procolored malware did, book a demo today.