Djinn Stealer Targets SimpleHelp CVE-2026-48558 Bypass

SimpleHelp, a widely used remote monitoring and management (RMM) platform, has a critical authentication bypass vulnerability, CVE-2026-48558. This flaw gives attackers a direct, authenticated technician session on vulnerable, internet-facing SimpleHelp servers, bypassing standard authentication. The CVSS score for CVE-2026-48558 is not detailed in the provided research, but it is identified as a critical authentication bypass.

Exploitation of CVE-2026-48558 has occurred in an active intrusion campaign that deploys an information stealer named Djinn Stealer. This stealer, delivered by an obfuscated JavaScript loader known as TaskWeaver, targets sensitive credentials related to cloud environments, developer tools, and artificial intelligence (AI) agents. Attackers are compromising trusted administrative and development infrastructure to increase their impact across enterprise networks.

The campaign's main goal is credential exfiltration, especially targeting identities and integrations that connect developers and administrators to enterprise systems. This includes SSH keys, API keys, service account credentials, and configuration files for common AI development tools. Organizations using SimpleHelp face significant risk because of the vulnerability's severity and the capabilities of the Djinn Stealer malware.

What is the Djinn Stealer campaign and its importance?

The Djinn Stealer campaign uses CVE-2026-48558, a critical authentication bypass in the SimpleHelp RMM platform, to gain initial access and then deploy the Djinn Stealer malware. This campaign is important because it gives attackers the same trusted remote management capabilities as a legitimate IT administrator, allowing them to quickly establish a presence across enterprise networks and steal sensitive data.

An attacker exploiting CVE-2026-48558 on an internet-facing SimpleHelp server gains an authenticated technician session. This access level allows widespread deployment of malware, such as the TaskWeaver JavaScript loader and its Djinn Stealer payload, across all endpoints managed by the compromised SimpleHelp instance. The Djinn Stealer collects various credentials and secrets from developer machines. This includes cloud credentials, SSH keys, API keys, service account credentials, and infrastructure secrets, which provide access to an organization's valuable assets and operational systems.

Djinn Stealer also searches for and exfiltrates credentials linked to AI development tools and agents. This includes local configuration files for services like Claude, Gemini, Codex, Cline, OpenCode, and Kilo. Many of these tools use the Model Context Protocol (MCP) to connect AI assistants to external tools and data, such as source repositories, databases, cloud accounts, and internal APIs. Compromising these AI-related credentials could let an attacker access and manipulate data and cloud infrastructure with the same privileges as the developer or the AI agent. Such an attack could lead to intellectual property theft, data manipulation, or even malicious code deployment within AI-driven workflows. Our previous analysis of AI agents and exfiltration of cloud credentials shows the severity of such compromises. The campaign's focus on both traditional developer secrets and AI-related credentials shows a deliberate strategy to maximize unauthorized access and control within modern technology environments.

How CVE-2026-48558 is exploited to deliver Djinn Stealer

The attack begins with threat actors scanning for internet-exposed SimpleHelp servers vulnerable to CVE-2026-48558. After successfully exploiting this critical authentication bypass, attackers get an authenticated technician session, gaining administrative control over the RMM platform. This initial access is key, as it lets attackers use the trusted nature of the SimpleHelp software to deploy further malicious payloads.

After initial access, attackers deploy an obfuscated JavaScript loader, tracked by Blackpoint Cyber's Adversary Pursuit Group (APG) as TaskWeaver. This loader is disguised as a file named jsquery.js and is hosted on temporary Cloudflare infrastructure to avoid detection and blend with legitimate network traffic. Once executed on compromised endpoints, TaskWeaver fingerprints the system to gather information about the environment and connects to a command-and-control (C2) server. The C2 infrastructure appears as legitimate Microsoft services, specifically Microsoft Dev Tunnels, increasing its stealth.

After C2 communication, TaskWeaver retrieves the second-stage payload: Djinn Stealer. This information stealer collects credentials and secrets from developer and administrator machines. Blackpoint Cyber researchers observed Djinn Stealer targeting credentials for various package registries and build-tool ecosystems, including npm, Yarn, NuGet, Composer, Maven, and PyPI. Access to these credentials could allow attackers to compromise private packages, publish malicious software, change software dependencies, and launch broader supply chain attacks, as detailed in our report on AI cloud vulnerabilities leading to token theft.

The Djinn Stealer also searches for AI development tool and agent credentials, including configuration files for services such as Claude, Gemini, Codex, Cline, OpenCode, and Kilo. The malware collects and packages the stolen data on the endpoint, encrypting it using AES-256-GCM. The encryption key is protected by RSA-2048 before the encrypted data is exfiltrated to the C2 server. The exfiltration also uses evasion techniques, with the user agent crafted to mimic normal Microsoft telemetry collection, making it hard to tell apart from legitimate network activity. The design of TaskWeaver and Djinn Stealer, along with the use of typosquatted Microsoft infrastructure, points to a deliberate operation focused on finding and collecting high-value secrets, often by scanning for vulnerable SimpleHelp instances.

What products are affected by CVE-2026-48558?

CVE-2026-48558 impacts the SimpleHelp Remote Monitoring and Management (RMM) platform. Specific affected versions of SimpleHelp are not detailed in the provided research, but the vulnerability targets internet-facing SimpleHelp servers. The platform is used by over 6,000 organizations globally to manage millions of endpoint devices.

This critical authentication bypass means any SimpleHelp instance exposed to the internet without necessary security updates or mitigations is vulnerable. The research shows opportunistic scanning for these vulnerable instances, indicating that many SimpleHelp users could be affected if the vulnerability persists.

Detection

Detecting the Djinn Stealer campaign needs a comprehensive approach, focusing on indicators of compromise (IOCs) related to the RMM compromise, the TaskWeaver loader, and the Djinn Stealer malware. Security teams should monitor and log activity across RMM infrastructure, endpoint devices, and network traffic.

  • RMM Server Activity Monitoring:
  • Unusual or unauthorized authentication attempts on SimpleHelp servers, especially those bypassing standard login procedures.
  • Sudden increases in remote deployment tasks from SimpleHelp that do not match legitimate administrative actions.
  • Logs showing mass deployment of unfamiliar scripts or applications from the SimpleHelp console to multiple endpoints.
  • Endpoint Detection and Response (EDR) Queries:
  • Look for unexpected JavaScript files, particularly those named jsquery.js or similar, created or executed in unusual directories.
  • Monitor for processes starting outbound network connections to newly seen domains or IP addresses, especially those on Cloudflare infrastructure not typically associated with legitimate operations.
  • Identify processes trying to access or modify local configuration files for cloud services, SSH keys, API keys, package registries (npm, Yarn, NuGet, Composer, Maven, PyPI), and AI development tools (Claude, Gemini, Codex, Cline, OpenCode, Kilo).
  • Detect unusual file write operations to directories containing sensitive credentials or infrastructure secrets.
  • Monitor for PowerShell commands or other scripting languages attempting to collect and package data.
  • Network Indicators:
  • Traffic to temporary Cloudflare infrastructure domains not on approved vendor lists (linked to TaskWeaver delivery).
  • C2 communications appearing as Microsoft Dev Tunnels; look for suspicious connections to IP ranges or domains known to host malicious infrastructure, even if they seem to resolve to Microsoft-like names.
  • Outbound exfiltration traffic using user agents crafted to resemble Microsoft telemetry collection. Analyze network flows for large outbound data transfers, especially encrypted ones (AES-256-GCM, RSA-2048), to unsanctioned destinations.
  • Blocking known malicious IP addresses and domains linked to the Djinn Stealer C2 infrastructure.
  • Log Analysis:
  • Review proxy and firewall logs for connections to suspicious domains or IP addresses identified via threat intelligence.
  • Audit security information and event management (SIEM) systems for alerts about credential access, suspicious process execution, and unusual network activity matching observed attack patterns.

Organizations should also use threat intelligence feeds tracking new IOCs related to Djinn Stealer and TaskWeaver to improve detection.

Remediation

Addressing the Djinn Stealer campaign and CVE-2026-48558 requires immediate action focusing on patching, system maintenance, and credential security.

  • Patch SimpleHelp: The most important step is to apply the security patch from SimpleHelp for CVE-2026-48558. Organizations should check SimpleHelp's official security advisories and promptly update all internet-facing SimpleHelp servers to the latest patched version. This will remove the initial authentication bypass vulnerability.
  • Isolate and Investigate Compromised Systems: Any system suspected of compromise via SimpleHelp or showing TaskWeaver or Djinn Stealer IOCs should be immediately isolated from the network to stop further lateral movement and data exfiltration. A thorough forensic investigation should then be done to find the extent of the compromise, identify all affected systems, and remove persistent malware.
  • Review and Harden RMM Exposure:
  • Evaluate if exposing SimpleHelp servers directly to the internet is necessary. When possible, restrict access to trusted IP ranges via firewalls or use a VPN for remote access.
  • Implement strong multi-factor authentication (MFA) for all SimpleHelp administrator accounts and technician sessions.
  • Regularly audit SimpleHelp logs for unusual activity, unauthorized technician sessions, or mass deployment tasks.
  • Rotate and Audit Credentials:
  • Immediately revoke and rotate all cloud credentials, SSH keys, API keys, service account credentials, and other infrastructure secrets that may have been on compromised developer or administrator machines. This also applies to credentials for package registries (npm, Yarn, NuGet, Composer, Maven, PyPI) and source control systems.
  • Force password resets for all users whose accounts could have been compromised, especially those with access to sensitive development or administrative environments.
  • Audit privileges linked to these credentials, following the principle of least privilege.
  • Enhance Endpoint and Network Security:
  • Ensure EDR solutions are working well and configured to detect TaskWeaver and Djinn Stealer behaviors.
  • Implement network segmentation to limit the impact of any future compromise.
  • Deploy web content filtering and email security solutions to block access to known malicious domains and prevent phishing attempts that could deliver similar malware.
  • Regularly back up critical data, configurations, and test restoration procedures to ensure business continuity if an attack succeeds.

Technical Takeaways

  • CVE-2026-48558 is a critical authentication bypass in SimpleHelp RMM, giving full administrative control upon exploitation.
  • The attack involves TaskWeaver, an obfuscated JavaScript loader, deploying the Djinn Stealer malware after initial RMM compromise.
  • Djinn Stealer targets various high-value credentials, including cloud, SSH, API, package registry, and local AI development tool configuration files (Claude, Gemini, Codex, Cline, OpenCode, Kilo).
  • Threat actors use typosquatted Microsoft infrastructure for C2 and exfiltration, with user agents mimicking Microsoft telemetry for stealth.
  • The campaign focuses on compromising administrative and development environments to gain wider access across customer tenants, production systems, and connected services.