In a significant security incident affecting potentially thousands of customers, printer manufacturer ProColored distributed malware-infected drivers through its official website for several months, according to researchers who discovered the compromise.
The contaminated drivers, which were available for download from ProColored’s website between January and April 2025, contained sophisticated malware designed to establish persistence on victim systems while evading detection by common antivirus solutions. When users installed what they believed to be legitimate printer drivers, they were simultaneously infecting their systems with malicious code capable of stealing sensitive information and potentially providing remote access to attackers.
Security analysts who examined the compromised software found that the malware established encrypted connections to command-and-control servers located in Eastern Europe, transmitting system information and potentially exfiltrating data from infected computers. The malware was particularly concerning due to its use of advanced obfuscation techniques and its ability to detect virtualised environments, suggesting it was developed by sophisticated threat actors.
“This appears to be a classic supply chain attack where threat actors compromised the manufacturer’s software distribution infrastructure,” explained a senior malware analyst who participated in the investigation. “What makes this incident particularly troubling is the extended period during which these infected drivers were available, combined with the legitimate signing certificates that helped them bypass security controls.”
ProColored has acknowledged the security breach and has taken immediate steps to remove the compromised drivers from its website, replacing them with clean versions. The company has also initiated a comprehensive security audit of its development and distribution systems to identify how the compromise occurred and prevent similar incidents in the future.