- Elastic Security Labs recently reported the abuse of Shellter Elite
- Someone leaked a license, allowing threat actors to abuse the pentesting tool
- Shellter Project launched a patch to address incidents
A popular commercial tool has been abused for months in malware delivery campaigns, thanks to a careless or possibly malicious customer.
Security researchers at Elastic Security Labs found threat actors abusing Shellter Elite, the premium version of Shellter, to deploy infostealers and evade modern antivirus and EDR defenses.
“Elastic Security Labs is observing multiple campaigns that seem to be taking advantage of the commercial framework of AV/EDR evasion, Shellter, to load malware,” the researchers said in their report.
“Reckless and unprofessional”
Shellter was originally designed for ethical red team operations, to be used in penetration tests. To get a copy, a company must contact Shellter and buy a license. One of the customers appears to have leaked a copy of Shellter Elite v11.0, which was later picked up by malicious actors and abused in the wild.
This was subsequently confirmed by the Shellter Project, the tool’s vendor, which also criticized Elastic for keeping its knowledge of the abuse secret.
“Elastic Security Labs chose to act in a way that we consider both reckless and unprofessional. They were aware of the problem for several months, but failed to notify us. Instead of collaborating to mitigate the threat, they chose to withhold the information to publish a surprise exposé, prioritizing publicity over public safety,” said the vendor.
Once the cat was out of the bag, the Shellter Project could do two key things: identify the (potentially malicious) company that leaked the tool, and release a patch that would prevent future abuse. It also said that a patch was already in the works, and that it was lucky not to have released it earlier.
“Due to this lack of communication, it was very fortunate that the customer involved did not get access to our next release. If we had not postponed the release for unrelated personal reasons, they would have received a new version with improved runtime evasion capabilities, even against Elastic’s detection mechanisms.”
The new Elite version 11.1 will only be distributed to vetted customers, excluding the one that leaked the tool.
Via BleepingComputer