SimpleHelp Flaw Exploited to Deploy Malware Targeting Windows, macOS, and Linux

A SimpleHelp authentication flaw is being exploited to deploy Djinn Stealer, a cross-platform malware targeting cloud, developer, and AI credentials.

Jun 30, 2026

A critical flaw in SimpleHelp, remote-access software used by IT teams and managed service providers, has been exploited to deliver a new malware strain called Djinn Stealer to Windows, macOS, and Linux machines.

The vulnerability, tracked as CVE-2026-48558, affects systems using OpenID Connect (OIDC) authentication and can allow an attacker to bypass login protections and create privileged technician sessions without valid credentials.

Once inside, the attackers gain access to the same trusted administrative channel used by IT teams and managed service providers to control customer environments. From there, they can transfer files, execute commands, and move laterally across managed systems.

According to Blackpoint’s Adversary Pursuit Group, that trusted access was used to deploy two previously unseen malware families: a Node.js-based loader called TaskWeaver and a cross-platform infostealer named Djinn Stealer.

TaskWeaver: The hidden loader

Investigators found TaskWeaver delivered as a file disguised as “jquery.js,” pulled from a temporary Cloudflare-hosted domain, and executed via Node.js.

Despite the familiar name, the file had nothing to do with the legitimate jQuery library. Instead, it functioned as a heavily obfuscated loader designed to fingerprint infected systems, communicate with command-and-control servers, and pull down additional JavaScript payloads.

The loader reconstructs native Node.js capabilities at runtime to avoid detection and to establish encrypted communication channels with the attacker’s infrastructure.
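The detail the article gives about TaskWeaver's delivery (a file named "jquery.js", pulled from a temporary domain and executed with Node.js) is enough to hunt for. The following is an added example, not Blackpoint's or SimpleHelp's code: a small detection that flags Node.js running a script whose name collides with a well-known library from a temporary directory. The process-event format and the sample events are constructed for the example; "jquery.js" is the name reported in the article, while the other library names in the list are assumed additions. Map the fields to your EDR's process-creation schema before using it.

```python
"""Hunt for Node.js executing a library-named script from a temp directory.

Added example. The event schema below is constructed; only the "jquery.js via
Node.js" behaviour comes from the article.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Constructed process-creation events, one JSON object per line (not real telemetry).
SAMPLE_EVENTS = r"""
{"host": "win-dev-01", "image": "C:\\Program Files\\nodejs\\node.exe", "cmdline": "node.exe C:\\Users\\alice\\AppData\\Local\\Temp\\jquery.js"}
{"host": "mac-dev-02", "image": "/usr/local/bin/node", "cmdline": "node /private/tmp/jquery.js --silent"}
{"host": "lnx-build-03", "image": "/usr/bin/node", "cmdline": "node /home/bob/app/node_modules/jquery/dist/jquery.js"}
{"host": "lnx-build-03", "image": "/usr/bin/node", "cmdline": "node /home/bob/app/server.js"}
{"host": "win-dev-01", "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c type C:\\Users\\alice\\AppData\\Local\\Temp\\jquery.js"}
"""

# Script names that collide with well-known libraries. "jquery.js" is the name
# reported in the article; the others are assumed additions for the example.
LIBRARY_NAMES = {"jquery.js", "jquery.min.js", "lodash.js", "react.js"}

# Locations a legitimate copy of a library has no business being executed from.
# Patterns are matched against a lower-cased, forward-slash-normalised path.
TEMP_DIR_PATTERNS = (
    r"^/tmp/", r"^/var/tmp/", r"^/private/tmp/", r"^/var/folders/",  # Linux / macOS
    r"/appdata/local/temp/", r"^c:/windows/temp/",                    # Windows
)

NODE_IMAGES = {"node", "node.exe"}


@dataclass
class Finding:
    host: str
    script: str
    reason: str


def _basename(path: str) -> str:
    """Last path component, tolerating both separators."""
    return re.split(r"[\\/]", path)[-1]


def _normalise(path: str) -> str:
    return path.replace("\\", "/").lower()


def _script_argument(cmdline: str) -> Optional[str]:
    """First argument ending in .js. Whitespace split: paths with spaces need shlex in production."""
    for token in cmdline.split()[1:]:
        if token.lower().endswith(".js"):
            return token
    return None


def is_suspicious(event: dict) -> Optional[Finding]:
    """Flag node/node.exe running a library-named script out of a temp directory."""
    if _basename(event["image"]).lower() not in NODE_IMAGES:
        return None
    script = _script_argument(event["cmdline"])
    if script is None:
        return None
    name = _basename(script).lower()
    if name not in LIBRARY_NAMES:
        return None  # ordinary application script
    norm = _normalise(script)
    for pattern in TEMP_DIR_PATTERNS:
        if re.search(pattern, norm):
            return Finding(event["host"], script, f"node executed library-named {name} from a temp directory")
    return None  # e.g. a real copy inside node_modules


def hunt(events_text: str) -> list:
    findings = []
    for line in events_text.strip().splitlines():
        finding = is_suspicious(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.host}] {f.reason}: {f.script}")
```

Run against the constructed events, the Windows and macOS temp-directory executions are flagged while the copy under node_modules, the application's own server.js, and the cmd.exe read of the file are not. A loader this obfuscated will change names between campaigns, so treat the interpreter-plus-location pairing, not the filename, as the durable signal.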

Djinn Stealer targets developers and cloud systems

The second-stage payload, Djinn Stealer, is where the campaign becomes especially dangerous.

Blackpoint reports that Djinn Stealer runs across Windows, macOS, and Linux and is built to harvest a wide range of sensitive data in a single pass. That includes cloud credentials, SSH keys, Git configurations, infrastructure tools, browser data, and cryptocurrency wallet files.

But its scope goes further than traditional malware. Djinn Stealer also targets credentials tied to developer ecosystems and modern software pipelines, including package managers, CI/CD tools, and infrastructure-as-code platforms.

Crucially, it also focuses on authentication data used by AI development tools and Model Context Protocol (MCP) configurations. These tokens can grant access to repositories, databases, and cloud services connected to AI assistants. Stealing these credentials does not just compromise a single tool; it can expose the broader systems that developers have linked to it, Blackpoint warned.

Why this attack chain matters

The intrusion began with a single authentication bypass in a remote monitoring and management (RMM) platform, but the impact extends far beyond one system.

RMM tools like SimpleHelp are widely trusted across enterprise environments. When compromised, they can act as a high-privilege gateway into customer infrastructure. In this case, attackers used that trust to deploy malware at scale, leveraging legitimate administrative workflows to avoid suspicion.

The design of Djinn Stealer further amplifies the risk. Targeting developer machines can expose source code repositories, cloud environments, build pipelines, and even AI-assisted development systems, all from a single compromised endpoint.

Following disclosure, the US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48558 to its Known Exploited Vulnerabilities catalog, confirming active real-world exploitation.

Analysis: A shift toward developer-level theft

This incident shows a clear evolution in malware targeting. Djinn Stealer is not just hunting for browser passwords or local files. It is specifically designed for developers and infrastructure ecosystems.

By targeting package managers, CI/CD tools, AI assistants, and cloud credentials, attackers can move beyond endpoint compromise into supply chain and infrastructure attacks.

The inclusion of AI tool credentials is especially notable. As developers increasingly connect AI assistants directly to internal systems, those tokens become high-value keys to everything those assistants can reach.

The biggest tradeoff exposed here is convenience versus centralization. RMM tools make IT management efficient, but they also concentrate trust and access into a single system. When that system is compromised, the blast radius is enormous.

Another issue is credential sprawl. Developer machines often contain overlapping access to cloud accounts, repositories, and automation systems. Djinn Stealer exploits that reality by collecting everything in one sweep. Even if endpoint infections are contained, stolen credentials may remain usable unless they are rotated quickly.

What needs to happen next

Security researchers and responders recommend immediate patching of SimpleHelp systems, especially those exposed to the internet. Organizations should also invalidate sessions from unknown technicians and audit RMM activity logs.

Credential rotation is critical. Cloud keys, Git tokens, SSH credentials, and AI assistant tokens may all be at risk if a system is exposed. Defenders are urged to treat developer environments as high-value targets equal to production infrastructure.
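Rotation only works if you know what was sitting on the machine. The following is an added example, not Blackpoint's or SimpleHelp's code, that serves both the list of what Djinn Stealer harvests (cloud credentials, SSH keys, Git configuration, package-manager and CI/CD tokens, infrastructure tooling, MCP configurations) and the rotation advice above: it inventories those files in a home directory and turns the result into a rotation checklist grouped by category. The file locations are the well-known defaults for each tool; the two MCP configuration paths are assumed (editors differ), the secret-detection heuristics are the example's own, and the sample home directory with its placeholder secrets is constructed.

```python
"""Inventory developer credential material for post-exposure rotation.

Added example. Paths are tool defaults except the MCP configs, which are
assumed; the sample home directory is constructed with fake placeholder values.
"""
import json
import re
import tempfile
from pathlib import Path

# (category, path relative to home). Categories follow the article's list.
CREDENTIAL_LOCATIONS = [
    ("ssh key", ".ssh/id_ed25519"),
    ("ssh key", ".ssh/id_rsa"),
    ("cloud", ".aws/credentials"),
    ("cloud", ".config/gcloud/application_default_credentials.json"),
    ("git", ".git-credentials"),
    ("git", ".gitconfig"),
    ("package manager", ".npmrc"),
    ("package manager", ".pypirc"),
    ("ci/cd", ".config/gh/hosts.yml"),
    ("infra tooling", ".kube/config"),
    ("infra tooling", ".docker/config.json"),
    ("infra as code", ".terraform.d/credentials.tfrc.json"),
    ("ai / mcp", ".cursor/mcp.json"),  # assumed editor-specific path
    ("ai / mcp", ".claude.json"),      # assumed editor-specific path
]

# Heuristic: a key-like name followed by = or : and a value.
SECRET_LIKE = re.compile(r"(token|secret|password|auth|key)\S*\s*[=:]\s*\S", re.I)
# Connection strings that embed a password: scheme://user:pass@host
EMBEDDED_PASSWORD = re.compile(r"://[^/\s:]+:[^/\s@]+@")


def mcp_secret_env(path: Path) -> list:
    """Return 'server:ENV_VAR' for MCP server env entries that carry a credential."""
    try:
        cfg = json.loads(path.read_text())
    except (OSError, ValueError):
        return []
    hits = []
    for name, server in cfg.get("mcpServers", {}).items():
        for var, value in server.get("env", {}).items():
            # Either the variable name says it is a secret, or the value is a
            # connection string with a password in it (the env name alone misses that).
            if re.search(r"token|secret|key|password", var, re.I) or EMBEDDED_PASSWORD.search(str(value)):
                hits.append(f"{name}:{var}")
    return hits


def inventory(home: Path) -> list:
    """Find the credential files present under `home` and whether each holds a secret."""
    found = []
    for category, rel in CREDENTIAL_LOCATIONS:
        p = home / rel
        if not p.is_file():
            continue
        text = p.read_text(errors="replace")
        entry = {"category": category, "path": rel,
                 "secret_like": category == "ssh key" or bool(SECRET_LIKE.search(text))}
        if category == "ai / mcp":
            entry["mcp_env"] = mcp_secret_env(p)
        found.append(entry)
    return found


def rotation_checklist(findings: list) -> dict:
    """Group the files that actually contain credentials by category; identity-only files are left out."""
    plan = {}
    for f in findings:
        if f["secret_like"] or f.get("mcp_env"):
            plan.setdefault(f["category"], []).append(f["path"])
    return plan


def build_sample_home(root: Path) -> Path:
    """Constructed developer home directory; every secret below is a fake placeholder."""
    files = {
        ".ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nEXAMPLE\n-----END OPENSSH PRIVATE KEY-----\n",
        ".aws/credentials": "[default]\naws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = EXAMPLESECRET\n",
        ".gitconfig": "[user]\n\tname = Alice\n\temail = alice@example.com\n",
        ".npmrc": "//registry.npmjs.org/:_authToken=npm_EXAMPLETOKEN\n",
        ".config/gh/hosts.yml": "github.com:\n    oauth_token: gho_EXAMPLETOKEN\n    user: alice\n",
        ".cursor/mcp.json": json.dumps({"mcpServers": {
            "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"],
                       "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_EXAMPLETOKEN"}},
            "postgres": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-postgres"],
                         "env": {"DATABASE_URL": "postgres://app:EXAMPLEPASS@db.internal/app"}}}}),
    }
    for rel, content in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(content)
    return root


def demo() -> list:
    """Build the constructed home directory and return its inventory."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(build_sample_home(Path(tmp)))


if __name__ == "__main__":
    for category, paths in rotation_checklist(demo()).items():
        print(f"rotate [{category}]: {', '.join(paths)}")
```

On the constructed home directory the checklist covers the SSH key, the AWS credentials file, the npm token, the GitHub CLI token and the MCP config, while .gitconfig is listed in the inventory but not the checklist because it names the user without holding a secret. The MCP pass is the part worth copying: the Postgres server's DATABASE_URL carries a password that a name-based check would miss, which is exactly the kind of token the article warns gives an assistant reach into databases and cloud services.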

Aminu Abdullahi

Aminu Abdullahi is a B2C and B2B technology and finance writer with more than six years of experience covering enterprise IT, cybersecurity, cloud computing, artificial intelligence, fintech, business software, and emerging technologies. He has written for a wide range of technical and business audiences, from IT professionals and cybersecurity leaders to small business owners, executives, and technology buyers. His work has appeared in publications including TechRepublic, eWEEK, Channel Insider, Geekflare, Enterprise Networking Planet, eSecurity Planet, CIO Insight, and Webopedia. With a background in computer science, Aminu specializes in translating complex technical subjects into clear, practical, and accessible content. His writing helps readers understand emerging technologies, evaluate business software, strengthen cybersecurity strategies, and make more informed decisions about technology investments. Across his work, Aminu focuses on the real-world impact of technology, connecting technical innovation with business value, operational efficiency, security, and long-term digital transformation.