An attack exploiting a maximum-severity SimpleHelp authentication bypass vulnerability was found to deliver a loader dubbed TaskWeaver and ultimately deploy a novel infostealer dubbed Djinn Stealer, Blackpoint’s Adversary Pursuit Group (APG) reported Monday.The attack exploited the SimpleHelp vulnerability tracked as CVE-2026-48558, which was disclosed and patched earlier this month. The flaw has a CVSS score of 10.0 and enables a remote, unauthenticated attacker to initiate privileged technician sessions due to a flaw in the remote monitoring and management (RMM) software’s OIDC authentication process. The flaw was fixed in SimpleHelp versions 5.5.16 and 6.0 RC2.After gaining access by crafting a fraudulent identity token, which SimpleHelp’s OIDC authentication flow accepts without verifying its cryptographic signature, the attacker leveraged the RMM session to download the file jquery.js from a trycloudflare.com domain and execute it using Node.js. Disguised as the legitimate jQuery library, the file actually contains the single-line, obfuscated TaskWeaver loader, Blackpoint said.TaskWeaver is heavily obfuscated using a combination of base91 encoding with dozens of different character alphabets used for different strings, indirect constant tables and a flattened control flow. It beacons to a command-and-control server using a hybrid encryption scheme to hide its traffic, encrypting data with AES-256-GCM and then encrypting the corresponding 256-bit AES key with RSA-OAEP.The loader also reconstructs access to Node.js’ require() function at runtime to hide its dangerous activity from static analysis, Blackpoint found. After collecting and relaying system information to the C2 server, which uses a domain name designed to resemble legitimate Microsoft Dev Tunnels infrastructure, it receives a task to decrypt and execute a JavaScript payload with full Node.js functionality.Blackpoint APG recovered this payload by deobfuscating TaskWeaver and creating a client that emulated the loader’s behavior. They used this client to issue a request to the attacker’s server, retrieving the Djinn Stealer payload.Djinn Stealer works across Windows, macOS and Linux systems, using OS-specific rules to traverse directories and steal sensitive files. The stealer excludes certain files, such as caches, logs and temporary files, removes duplicates and limits the file sizes and number of files it collects to avoid large transfers that would raise suspicion.The stealer specifically targets a wide variety of secrets related to cloud services, developer environments, package registries, AI tools and cryptocurency, including:Once files are collected, the stealer stores them in a PAX format tar archive compressed with gzip and encrypted using the same hybrid scheme used by TaskWeaver. The encrypted archive is exfiltrated to the C2 server via plain HTTP.Blackpoint recommended organizations that use SimpleHelp immediately apply patches for CVE-2026-48558 and remove any vulnerable instances from direct internet exposure. To check for previous exploitation, organizations should review SimpleHelp logs for signs such as newly created accounts, unfamiliar IP addresses, unusual login times and unexpected OIDC changes.If a compromise is detected, all active SimpleHelp technician sessions should be terminated and all credentials, API keys, identity-provider configurations and other integration secrets associated with the SimpleHelp server should be rotated, Blackpoint advised.Any credentials that may have been compromised should also be rotated, and accounts investigated for misuse. The researchers noted that development-related and package registry credentials could be used to push malicious software changes, while persistent access to AI tools can lead to an extended compromise of anything the AI has access to.In general, Blackpoint recommended the use of multi-factor authentication (MFA) for RMM platform logins and placing RMM administrative interfaces behind VPNs or identity-aware proxies to restrict access. The company advised segmenting technician account access to reduce the blast radius of a rogue account, and alerting when RMM instances launch runtimes such as Node.js, PowerShell, Python, Deno or Bun.Blocking unnecessary runtimes and tunneling services like trycloudflare.com could also help prevent similar attacks, while shifting from long-lived to short-lived credentials in developer workflows can minimize the impact of a compromise, Blackpoint concluded.
- Authentication and configuration data for AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, Okta, Cloudflare, DigitalOcean, Linode, Heroku, Vercel, Railway, Supabase, Pulumi, Terraform, HashiCorp Vault and Consul
- GitHub CLI data, Git configurations, SSH keys, Docker authentication data, Helm registry information, S3 and MinIO client configurations and Subversion credentials
- Npm, pnpm, Yarn, NuGet, Cargo, Composer, Maven, Gradle, pip, PyPI, Conda, Bun, Ivy and Scala Build Tool credentials
- Authentication, configuration, session, MCP connection and project data for Anthropic Claude, Google Gemini, OpenAI Codex, Cline, OpenCode and Kilo
- Cryptocurrency wallets and keystores related to Bitcoin, Litecoin, Dogecoin, Dash, Ethereum, Monero, Zcash, Exodus, Atomic Wallet and Electrum
- Browser history, bookmarks, shell history, database client files, PGP data and SSH configurations
