Some days ago, the official site for RVTools has been hacked and the installer for the popular VMware environment reporting utility has been compromised to deliver Bumblebee Malware.
The official web sites, Robware.net and RVTools.com, are currently offline to avoid any additional distribution of this malware.
The malicious version.dll file was identified as a custom variant of the Bumblebee loader. This malware is designed to establish initial access within networks, allowing threat actors to deploy additional payloads such as ransomware. In this case, the malware executed stealthily, leveraging legitimate system processes to avoid detection.
If you have downloaded the RVTools version 4.7.1 (or other version) in the last days, uninstall it and perform a full scan of your system.
This incident is part of a broader trend of supply chain attacks targeting trusted software tools. Threat actors are increasingly exploiting the trust users place in legitimate software to distribute malware.
And it’s a good lesson to learn.
Update: May 28, 2025
RVTools is currently available for download through Dell Technologies. To access the only secure and supported version of the software, please follow the instructions outlined in this Knowledge Base (KB) article:
https://www.dell.com/support/kbdoc/000325532
⚠️ Dell Technologies, Robware.net and RVTools.com are the only authorized and supported sources for RVTools software. Do not search for, download or access any purported RVTools software from any other websites, sources or vendors.
