July 13, 2025

Hackers 'Shellter' Various Stealers in Red-Team Tool to Evade Detection

Attackers have begun using a cracked copy of Shellter Elite v11.0, a powerful antivirus/EDR evasion tool intended for legitimate red-team operations, to deliver infostealer malware such as Lumma, Arechclient2/SectopRAT, and Rhadamanthys. Elastic Security Labs first observed abuse of this tool in late April 2025, with threat actors packaging malware within legitimate-looking executables protected by Shellter to evade detection, often distributing them via phishing emails, YouTube comments, and file-hosting services like MediaFire.

The malicious actors are exploiting Shellter's advanced evasion capabilities, such as polymorphic shellcode, DLL preloading, API hooking bypasses, memory-scan evasion, and anti-debugging, to slip past security tools undetected. Elastic has released a dynamic unpacker to help defenders analyze and extract payloads, while Shellter's developers confirmed the leak, released a patched version 11.1, and now restrict distribution to trusted customers.

Source: https://www.darkreading.com/threat-intelligence/hackers-shellter-red-team-tool-evade-detection