
Hackers have compromised the official website of RVTools—a widely used utility for managing VMware virtual infrastructures—and replaced its installer with a malicious version. Both Robware.net and RVTools.com were temporarily taken offline. The developers have stated that they are working to restore the affected resources and have strongly advised users not to download the utility from any unofficial sources.
The incident came to light through cybersecurity researcher Aidan Leon, who discovered that the installer downloaded from the RVTools website contained a malicious version.dll library. This library facilitates the deployment of Bumblebee, a notorious malware loader commonly employed by cybercriminals during the initial stages of attacks, including the delivery of ransomware and tools like Cobalt Strike. It remains unclear how long the compromised version was available for download or how many users may have installed it.
While the official sites remain offline, users are urged to verify the checksums of any RVTools installers in their possession and to inspect whether version.dll has been executed from user directories—an indicator of potential compromise.
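The two checks above can be scripted, shown here as an added example that is not from the original article or the RVTools developers: hashing an installer for comparison with a vendor-supplied checksum, and filtering image-load events for version.dll loaded from a user profile. Assumptions: the checksum is SHA-256 and must be obtained from the vendor (the article gives none), events use the Image/ImageLoaded field names of Sysmon Event ID 7, the sample events are constructed, and all function names are hypothetical.

```python
import hashlib
from pathlib import PureWindowsPath

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so a large installer is not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def installer_matches(path, expected_hex):
    """Compare against a checksum obtained from the vendor (not given in the article)."""
    return sha256_file(path) == expected_hex.strip().lower()

def in_user_dir(path):
    """True when the path sits under <drive>:\\Users\\..., i.e. a user profile."""
    parts = PureWindowsPath(path).parts
    return len(parts) > 2 and parts[1].lower() == "users"

def suspicious_loads(events):
    """Return image-load events where version.dll was loaded from a user directory."""
    hits = []
    for ev in events:
        loaded = PureWindowsPath(ev["ImageLoaded"])
        # Windows file names are case-insensitive, so compare in lower case.
        if loaded.name.lower() == "version.dll" and in_user_dir(loaded):
            hits.append(ev)
    return hits

# Constructed sample events (not real telemetry), shaped like Sysmon Event ID 7.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll"},
    {"Image": r"C:\Users\alice\Downloads\setup.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\pkg\version.dll"},
    {"Image": r"C:\Users\bob\tools\app.exe",
     "ImageLoaded": r"C:\Users\bob\tools\VERSION.DLL"},
    {"Image": r"C:\Users\bob\tools\app.exe",
     "ImageLoaded": r"C:\Users\bob\tools\helper.dll"},
]

if __name__ == "__main__":
    for ev in suspicious_loads(SAMPLE_EVENTS):
        print(f"review: {ev['Image']} loaded {ev['ImageLoaded']}")
```

A hit is a lead for triage rather than proof of compromise; the copy of version.dll under System32 in the first sample event is deliberately not flagged.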
Incidents like this underscore the critical vulnerability of even trusted software products when distribution and integrity controls are not reinforced by rigorous security protocols.