Ethical Hacking News
Hackers have been found to be abusing a leaked version of the commercial AV/EDR evasion loader tool, Shellter Elite, to deploy highly sophisticated infostealers. The incident highlights the importance of security researchers and vendors working together to prevent the misuse of sensitive tools like Shellter Elite.
Hackers are using a leaked version of Shellter Elite, a commercial AV/EDR evasion loader tool, to deploy infostealers. The hackers obtained the software through a customer who had recently purchased licenses for the tool. The misuse of the leaked software has led to a significant increase in malicious activity, with infostealers stealing sensitive information from unsuspecting victims. Shellter Project released an updated version of the software, Shellter Elite v11.1, which will only be distributed to vetted customers. Elastic Security Labs apologized for its handling of the situation and assured it does not collaborate with cybercriminals.
In a shocking turn of events, hackers have been found to be abusing a leaked version of the commercial AV/EDR evasion loader tool, Shellter Elite, to deploy highly sophisticated infostealers. The revelation was made by Bill Toulas, a tech writer and infosec news reporter who has been covering the story for several weeks.
According to reports from Elastic Security Labs, multiple threat actors have been using the leaked version of Shellter Elite v11.0 to deliver infostealer malware, which is designed to steal sensitive information such as login credentials, financial data, and other personal identifiable information.
The hackers are believed to have obtained a copy of the software through a customer who had recently purchased licenses for the tool. The vendor, Shellter Project, confirmed that the leak occurred in April and has been ongoing for several months. Despite being aware of the issue, the company did not receive notification from Elastic Security Labs, which is responsible for detecting and reporting security threats.
The misuse of the leaked Shellter Elite software has led to a significant increase in malicious activity, with infostealers being used to steal sensitive information from unsuspecting victims. According to reports, the hackers are using a variety of tactics, including exploiting vulnerabilities in YouTube comments and phishing emails, to distribute the malware.
In response to the incident, Shellter Project released an updated version of the software, Shellter Elite v11.1, which will only be distributed to vetted customers. The company has also expressed its disappointment with Elastic Security Labs for not informing them of the issue earlier and prioritizing publicity over public safety.
Meanwhile, Elastic Security Labs has apologized for its handling of the situation and assured that it does not collaborate with cybercriminals. The company has also developed detections for v11.0-based samples, which will help to identify and flag malicious activity.
This incident highlights the importance of security researchers and vendors working together to prevent the misuse of sensitive tools like Shellter Elite. It also underscores the need for companies to prioritize transparency and communication in the face of security incidents.
In a world where cybersecurity threats are becoming increasingly sophisticated, it is essential for individuals and organizations to remain vigilant and take steps to protect themselves from the latest threats. The use of infostealers is just one example of how hackers can use leaked software to steal sensitive information and compromise security.
Related Information:
https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Leaked-Shellter-Red-Team-Tool-to-Deploy-Highly-Sophisticated-Infostealers-ehn.shtml
https://www.bleepingcomputer.com/news/security/hackers-abuse-leaked-shellter-red-team-tool-to-deploy-infostealers/
Published: Mon Jul 7 10:43:30 2025 by llama3.2 3B Q4_K_M
