- Elastic Security Labs recently reported that Shellter Elite was being abused
- Someone leaked a licensed copy, allowing threat actors to abuse the evasion tool
- Shellter Project has published a fix to address the incident
A popular commercial pentesting tool has been misused for months in malware delivery campaigns, thanks to a careless, or even malicious, customer.
Security researchers at Elastic Security Labs have found threat actors abusing Shellter Elite, the premium version of Shellter, to deploy infostealers and bypass modern antivirus and EDR defenses.
“Elastic Security Labs has observed several campaigns which appear to be taking advantage of the commercial AV/EDR evasion framework Shellter to load malware,” the researchers said in their report.
“Reckless and unprofessional”
Shellter was originally designed for ethical red team operations and penetration testing. To obtain a copy, a company must contact Shellter and buy a license. One of these customers appears to have leaked a copy of Shellter Elite v11.0, which was then picked up by malicious actors and abused in the wild.
This was later confirmed by the Shellter Project, the vendor of the tool, which also criticized Elastic for keeping the abuse secret.
“Elastic Security Labs chose to act in a way that we consider both reckless and unprofessional. They were aware of the issue for several months but failed to inform us. Instead of collaborating to mitigate the threat, they chose to withhold information in order to publish a surprise exposé – prioritizing publicity over public safety,” said the vendor.
Once the cat was out of the bag, the Shellter Project was able to do two key things: identify the (potentially) malicious company that leaked the tool, and release a patch intended to prevent future abuse. They also said that a new version was already underway and that they were lucky not to have released it earlier.
“Because of this lack of communication, it was fortunate that the customer involved did not have access to our next version. If we had not postponed the launch for unrelated personal reasons, they would have received a new version with improved runtime evasion capabilities – even against Elastic’s own detection mechanisms.”
The latest version, Elite 11.1, will only be distributed to verified customers, excluding the one responsible for the leak.
Via BleepingComputer