The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility.
“Robware.net and rvtools.com are currently offline. We are working promptly to restore services and appreciate your patience,” the company said in a statement posted on its site.
“Robware.net and rvtools.com are the only authorized and supported websites for RVTools software. Do not search for or download RVTools software from any other sites or sources.”
The development comes after security researcher Aidan Leon disclosed that an infected version of the installer downloaded from the website was being used to load a malicious DLL that turned out to be a known malware loader called Bumblebee.
It is currently unknown how long the trojanized version of RVTools was available for download and how many users installed it before the site was taken offline.
In the interim, users are advised to verify the installer's hash and review any execution of the DLL from user directories.
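The two checks advised above, as an added Python example that is not part of the original article or any vendor tooling: it compares an installer's SHA-256 with a hash the caller obtained from the vendor, and flags DLLs loaded from user-writable directories in image-load events. The event keys follow Sysmon Event ID 7 (Image, ImageLoaded, Signed); the directory list, function names and sample events are assumptions constructed for illustration.

```python
import hashlib
import ntpath

# Assumption: path fragments treated as user-writable; tune for your estate.
USER_DIR_PARTS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def installer_hash_ok(path, published_sha256):
    """Compare the file's hash with the vendor-published value (caller-supplied)."""
    return sha256_file(path) == published_sha256.strip().lower()

def dll_loads_from_user_dirs(events):
    """Return findings for .dll files loaded from user-writable directories."""
    findings = []
    for ev in events:
        loaded = ev["ImageLoaded"].lower()
        if not loaded.endswith(".dll") or not any(p in loaded for p in USER_DIR_PARTS):
            continue
        findings.append({
            "process": ev["Image"],
            "dll": ev["ImageLoaded"],
            "unsigned": ev.get("Signed", "false").lower() != "true",
            # DLL sits in the same directory as the executable that loaded it.
            "beside_exe": ntpath.dirname(loaded) == ntpath.dirname(ev["Image"].lower()),
        })
    return findings

# Constructed sample events (not taken from the incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Example\app.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup\app.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\setup\example.dll",
     "Signed": "false"},
]

if __name__ == "__main__":
    for finding in dll_loads_from_user_dirs(SAMPLE_EVENTS):
        print(finding)
```

Findings that are both unsigned and located beside the loading executable deserve review first.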
The disclosure comes as it emerged that the official software supplied with Procolored printers included a Delphi-based backdoor called XRed and a clipper malware called SnipVex, which is capable of replacing wallet addresses in the clipboard.
Details of the malicious activity were first discovered by Cameron Circle, who is behind the YouTube channel Serial Hobby.
XRed, believed to be active since at least 2019, comes with features to collect system information, log keystrokes, propagate via USB drives, and execute commands sent from an attacker-controlled server to capture screenshots, enumerate file systems and directories, download files, and delete files.
“(SnipVex) searches the clipboard for content that resembles a BTC address and replaces it with the attacker’s address, such that cryptocurrency transaction […],” […], who further investigated the incident, noted.
But in an interesting twist, the malware infects .exe files with the clipper functionality and uses an infection marker sequence, 0x0a 0x0c. The wallet address has received 9.30857859 BTC (about $974,000) to date.
Procolored has since acknowledged that the software packages were uploaded to the Mega file hosting service in October 2024 via USB drives and that the malware may have been introduced during this process. Software downloads are currently available for F13 Pro, VF13 Pro and V11 Pro.
“The malware’s command-and-control server has been offline since February 2024,” Khan said. “Therefore, it is not possible that XRed established a successful remote connection after that date. The accompanying clipbanker virus SnipVex is still a serious threat. Although transactions to the BTC address stopped on March 3, 2024, the infection itself is harmful to systems.”