Hackers are sending receipts with anti-work messages to businesses’ printers

Hackers are targeting printers of businesses around the world to print ‘anti-work’ slogans pushing workers to demand better pay.

Multiple employees are sharing on Twitter and Reddit the images of anti-work messages sent to the printers of their organizations. The messages encourage workers to protect their rights and discuss their pay with coworkers and demand better pay.

“The posts were made on the r/Antiwork subreddit which describes itself as a community ‘for those who want to end work, are curious about ending work, want to get the most out of a work-free life, want more information on anti-work ideas and want personal help with their own jobs/work-related struggles’.” reported METRO.

“ARE YOU BEING UNDERPAID? You have a protected LEGAL RIGHT to discuss your pay with your coworkers. […] POVERTY WAGES only exist because people are ‘willing’ to work for them.” reads the message.

“How can the McDonald’s in Denmark pay their staff $22 an hour and still manage to sell a Big Mac for less than in America?” reads one of the receipts.

The printed receipt encouraged employees to form unions because ‘Unions’ are the only organizations that could “easily align everyone’s goals.”

The receipts include a link to the r/Antiwork subreddit. 

It is not clear who is behind this campaign, someone speculates it is an operation conducted to discredit and make the r/Antiwork subreddit appear illegal.

Andrew Morris, the founder of cybersecurity firm GreyNoise, told Motherboard that threat actors are sending these printing jobs all over the internet indiscriminately.

“Someone is using a similar technique as ‘mass scanning’ to massively blast raw TCP data directly to printer services across the internet,” Morris told Motherboard in an online chat. “Basically to every single device that has port TCP 9100 open and print a pre-written document that references /r/antiwork with some workers rights/counter capitalist messaging.” Morris told Motherboard.

The messages reached misconfigured printers exposed to the internet, and using Shodan it is possible to find thousands of printers exposed online. Morris also added that the messages are distributed to the printers from tens of servers.

In 2018, TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel.

In August 2020, cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IKEA)

[adrotate banner=”5″]

[adrotate banner=”13″]