Date: 2025-07-08

BleepingComputer reports that attacks leveraging a leaked copy of Shellter Project's commercial AV/EDR evasion loader tool Shellter Elite have been launched by several threat actors to facilitate the distribution of the Arechclient2, Lumma, and Rhadamanthys information-stealing payloads since April.

Malicious actors have used phishing emails and YouTube comments to spread the infostealer-deploying Shellter Elite software, which was found to have been derived from a Shellter customer's exposed copy, a report from Elastic Security Labs researchers showed. Despite having been given samples to determine the customer that had leaked the software, Shellter emphasized Elastic's failure to immediately notify them about the findings, which showed the first known misuse of its software since the firm's adoption of a stringent licensing model over two years ago. "They were aware of the issue for several months but failed to notify us. Instead of collaborating to mitigate the threat, they opted to withhold the information in order to publish a surprise expose prioritizing publicity over public safety," said Shellter, which has already launched a new version of the Elite software.