Threat Intelligence Report

RVTools Masquerade: How a Signed Fake Installer Deploys a Modular Python RAT - K7 Labs

📅 June 6, 2026 📰 labs.k7computing.com 🔍 0 CVE(s) referenced

A highly sophisticated fake RVTools installer, signed with a legitimate Sectigo certificate, is being used to stealthily deploy a modular Python RAT that targets VMware administrators, bypasses security controls, and provides attackers with persistent, privileged access to enterprise environments.

unclassified

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle