Hackers are using the Shellter tool to distribute stealer malware in new campaigns. A leak of Shellter Elite licenses led to threat actors weaponizing the tool, and an update has been released to address the exploitation issue. Elastic Security Labs reported that malicious actors have misused Shellter since April 2025 to propagate various types of stealer malware. The campaigns have relied on self-modifying shellcode and polymorphic obfuscation techniques to evade detection by security software.
"Despite our rigorous vetting process - which has successfully prevented such incidents since the launch of Shellter Pro Plus in February 2023 - we now find ourselves addressing this unfortunate situation."
"Shellter-protected samples commonly employ self-modifying shellcode with polymorphic obfuscation to embed themselves within legitimate programs."
"Elastic said it identified multiple financially motivated infostealer campaigns using SHELLTER to package payloads beginning late April 2025, with the activity leveraging Shellter Elite version 11.0 released on April 16, 2025."
"This combination of legitimate instructions and polymorphic code helps these files evade static detection and signatures, allowing them to remain undetected."