The website of RVTools, a widely used VMware environment reporting utility, was compromised to distribute a trojanized installer that spreads the Bumblebee malware, reports The Hacker News.
Threat actors have used the installer to sideload a malicious DLL that delivers the Bumblebee payload, according to an analysis from cybersecurity researcher Aidan Leon. How long the installer was available and how many times it was downloaded before the utility website's takedown remain uncertain, but Robware.net, which developed RVTools, has called on users to verify the installer's hash and to review any execution of version.dll. "We are working expeditiously to restore service and appreciate your patience. Robware.net and RVTools.com are the only authorized and supported websites for RVTools software. Do not search for or download purported RVTools software from any other websites or sources," said Robware.net in a statement posted on its website. The development comes after YouTuber Cameron Coward of the Serial Hobbyism channel discovered that Procolored printers had been sold with software laced with the Delphi-based XRed malware and the SnipVex clipper malware.
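The two checks Robware.net asks for, as an added example (not code from Robware.net or the cited analysis): compare an installer's SHA-256 with the value the vendor publishes, and list every version.dll on disk outside the Windows system directories as a starting point for the execution review. The expected hash is supplied by the caller, and the directory tree, file names and contents in demo() are constructed.

```python
import hashlib
import os
import tempfile

SYSTEM_DIRS = {"system32", "syswow64", "winsxs"}  # where Windows keeps its own version.dll

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def installer_matches(path, expected_hex):
    """True only if the file hashes to the vendor-published SHA-256 (caller-supplied)."""
    return sha256_file(path) == expected_hex.strip().lower()

def find_stray_version_dlls(root):
    """Return a review record for every version.dll under root outside system dirs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        parts = {p.lower() for p in os.path.normpath(dirpath).split(os.sep)}
        if parts & SYSTEM_DIRS:
            continue  # the operating system's own copies live here
        for name in filenames:
            if name.lower() == "version.dll":
                full = os.path.join(dirpath, name)
                findings.append({
                    "path": full,
                    "sha256": sha256_file(full),
                    # Windows searches the application's directory before the system one.
                    "beside_exe": any(n.lower().endswith(".exe") for n in filenames),
                })
    return findings

def demo():
    """Constructed sample tree: one stray DLL, one system copy, one installer."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "Users", "alice", "AppData", "Local", "Temp", "app")
        sysdir = os.path.join(root, "Windows", "System32")
        os.makedirs(app)
        os.makedirs(sysdir)
        files = [(app, "Version.DLL", b"constructed-dll"), (app, "tool.exe", b"constructed-exe"),
                 (sysdir, "version.dll", b"system-copy"), (root, "installer.bin", b"constructed-installer")]
        for d, n, data in files:
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
        good = hashlib.sha256(b"constructed-installer").hexdigest().upper()
        inst = os.path.join(root, "installer.bin")
        return installer_matches(inst, good), installer_matches(inst, "0" * 64), find_stray_version_dlls(root)
```

Point find_stray_version_dlls at a user profile or install directory and compare each reported SHA-256 against files you can account for.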