A Trusted IT Tool Turned Malware Trap
IT professionals rely on RVTools, a reporting utility for VMware environments. This week the software's official website was compromised, turning a trusted utility into a malware delivery channel.
Security researcher Aidan Leon discovered that the installer served from RVTools.com silently dropped Bumblebee, a malware loader frequently used as the first stage of ransomware intrusions. The attackers repackaged the installer so that it sideloaded a malicious version.dll, infecting systems without any visible sign to the user.
Robware, the company behind RVTools, quickly took the site offline and issued a warning:
"Robware.net and RVTools.com are currently offline. We are working to restore service. These are the only official sources for RVTools; do not download it from anywhere else."
The big unknown: nobody has said how long the trojanized version was being served or how many people installed it.
What Is Bumblebee Malware?
Bumblebee first appeared in 2022 and has become a favorite tool for cybercriminals. It is a loader: its job is to get a foothold and then bring in whatever the operators want next. Once installed, it can:
- Download and run additional malware (ransomware, spyware, post-exploitation frameworks).
- Deliver follow-on tools that steal passwords, banking details, and other sensitive data.
- Evade antivirus scans using injection and anti-analysis tricks.
This attack is especially dangerous because it is a supply chain attack: the attackers did not just send phishing emails, they compromised a legitimate vendor's website so that people who did everything right still got infected.
How to Check If You’re Infected
If you downloaded RVTools recently:
- Scan your system with an updated antivirus.
- Look for suspicious files, especially a version.dll sitting in user folders (Downloads, AppData, Temp) rather than in the Windows system directories, and check its hash and signature.
- Wait for Robware to confirm the clean version before reinstalling, and compare its published checksum with what you downloaded.
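The version.dll check above is worth automating, because the file name is identical to a legitimate Windows library and only its location and signature give it away. The following PowerShell script is an added example written for this page; it is not Robware's code and it does not encode any specific known-bad hash. The search roots are an assumption, so adjust them to where your users actually run downloaded installers.

```powershell
# Added example (not from the original post or from Robware): hunt for copies of
# version.dll outside the Windows system directories, where the legitimate
# library lives, and report hash and signature status for each hit.
# The search roots are an assumption; widen them for your environment.
$searchRoots = @(
    "$env:SystemDrive\Users",      # every user profile: Downloads, AppData, Temp
    "$env:ProgramData"
)

# Legitimate copies of version.dll live under these paths; anything elsewhere deserves a look.
$trustedDirs = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS"
)

$findings = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter 'version.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $p = $_.FullName
            # keep only files that do not sit under a trusted directory
            -not ($trustedDirs | Where-Object { $p.StartsWith($_, 'OrdinalIgnoreCase') })
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No version.dll found outside the Windows system directories.'
}
```

A version.dll next to an application's own executable is the classic DLL sideloading layout: the program asks Windows for version.dll, and the loader finds the attacker's copy in the application directory before the real one in System32. Very few legitimate products ship their own version.dll, so an unsigned or oddly signed copy under a user profile is worth isolating the machine over and submitting the hash to your threat intelligence source before anything else.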
Another Supply Chain Attack: Malware Hidden in Printer Software
Just as the RVTools breach came to light, another supply chain attack was exposed, this time involving Procolored printers.
Security researcher Cameron Coward found that Procolored's official driver and software packages contained two pieces of malware:
- XRed: a backdoor that logs keystrokes, spreads via USB drives, and lets its operators remotely control infected PCs.
- SnipVex: a "clipper" that watches the clipboard and swaps any copied Bitcoin wallet address for the attacker's, so a victim pasting an address unknowingly pays the criminal.
According to G DATA researcher Karsten Hahn, the hackers behind this made off with over $974,000 in Bitcoin before their server went offline.
Procolored said the malware may have been introduced when the software was uploaded to Mega.nz from USB drives in late 2024. Although the backdoor's command server is no longer active, machines that ran the infected package should still be treated as compromised until checked.
How to Protect Yourself from These Attacks
- Only download software from official websites, and even then verify the published checksum and the code signature before running it. A checksum hosted on the same server as the download offers little protection if the attacker replaced both, so prefer one obtained out of band.
- Use antivirus software with real-time protection and keep it updated.
- Be cautious with USB drives; they are still a common way for malware to move between machines.
- Monitor for strange behavior, such as unexpected DLL files next to applications, new scheduled tasks or services, or unexplained slow system performance.
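Checksum and signature verification is the one step on that list most people skip because it feels manual. The function below, an added example written for this page and not a vendor's or the post's own code, wraps it into one call: it compares a downloaded installer against a SHA-256 you copy from the vendor's page, checks the Authenticode signature, and notes whether the file carries the Mark-of-the-Web that a browser download normally has. The file path, expected hash and signer name are placeholders you supply.

```powershell
# Added example (not from the original post or from any vendor): verify a
# downloaded installer against the vendor-published SHA-256 and its Authenticode
# signature before running it. $Path, $ExpectedSha256 and $ExpectedSigner are
# values you fill in; none of them come from the page.
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [string] $ExpectedSigner        # substring of the signing cert's Subject, if you know it
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # 1. Hash check: a repackaged installer will not match the published digest.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $actual -eq $ExpectedSha256.Trim().ToUpperInvariant()

    # 2. Signature check: 'Valid' means the file is signed by a certificate that chains
    #    to a trusted root and has not been modified since signing. Re-packing an
    #    installer to add a DLL normally breaks this, or leaves it NotSigned.
    $sig      = Get-AuthenticodeSignature -LiteralPath $Path
    $sigOk    = $sig.Status -eq 'Valid'
    $signerOk = (-not $ExpectedSigner) -or ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")

    # 3. Mark-of-the-Web: browser downloads carry a Zone.Identifier stream. Its absence
    #    on a file that supposedly came from the Internet is itself worth a question.
    $motw = Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path          = $Path
        Sha256Match   = $hashOk
        ActualSha256  = $actual
        SignatureOk   = $sigOk
        SignerOk      = $signerOk
        Signer        = $sig.SignerCertificate.Subject
        HasMarkOfWeb  = [bool]$motw
        SafeToRun     = $hashOk -and $sigOk -and $signerOk
    }
}

# Usage: paste the digest from the vendor's download page (placeholder values below).
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\setup.exe" `
#     -ExpectedSha256 '<published SHA-256>' -ExpectedSigner '<vendor name on the certificate>'
```

Treat SafeToRun as necessary, not sufficient: if the vendor's site was compromised, the attacker may have updated the published hash to match the trojanized file, which is exactly why the signature check and a hash obtained from a second source (a mailing list, a package repository, a previous known-good download) matter more than the checksum on the download page alone.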
Final Advice: Stay Alert
These attacks show that even trusted software can be weaponized. Always double-check downloads, keep systems updated, and assume attackers will exploit any weak link, including the vendor you trust most.