TZUTC: -0500
MSGID: 1225.consprcy@1:2320/105 2cd3afee
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
This top security platform is being hacked to carry out malware threats

Date:
Tue, 08 Jul 2025 16:04:00 +0000

Description:
A patch should have now made future attacks using Shellter Elite impossible.

FULL STORY

A popular commercial pentesting tool was being abused for months in malware
delivery campaigns, thanks to a reckless, or possibly even malicious,
customer. 

Security researchers from Elastic Security Labs found threat actors abusing
Shellter Elite, the premium version of SHELLTER, to deploy infostealers and
bypass modern antivirus and EDR defenses. 

Elastic Security Labs is observing multiple campaigns that appear to be
leveraging the commercial AV/EDR evasion framework, SHELLTER, to load 
malware, the researchers said in their report . 

"Reckless and unprofessional" 

Shellter was originally designed for ethical red team operations, to be used
for penetration testing. To obtain a copy, a company must reach out to
Shellter and purchase a license. One of the clients seems to have leaked a
copy of Shellter Elite v11.0, which was later picked up by malicious actors
and abused in the wild. 

This was subsequently confirmed by the Shellter Project, the tools vendor, 
who also slammed Elastic for keeping the knowledge about abuse a secret. 

Elastic Security Labs chose to act in a manner we consider both reckless and
unprofessional. They were aware of the issue for several months but failed to
notify us. Instead of collaborating to mitigate the threat, they opted to
withhold the information in order to publish a surprise exposprioritizing
publicity over public safety, the vendor said. 

Once the cat was out of the bag, Shellter Project was able to do two key
things: identify the (potentially) malicious company that leaked the tool and
release a patch that would prevent future abuse. They also said a patch was 
in the pipeline already, and that they were lucky not to have released it
sooner. 

Due to this lack of communication, it was sheer luck that the implicated
customer did not gain access to our upcoming release. Had we not postponed 
the launch for unrelated personal reasons, they would have received a new
version with enhanced runtime evasion capabilitieseven against Elastics own
detection mechanisms. 

The newest Elite version 11.1 will only be distributed to vetted customers,
excluding the leaker. 

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-top-security-platform-is-being-hac
ked-to-carry-out-malware-threats

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426