logo

'Djinn' Stealer Targets Cloud, AI Credentials

ID: 4f984076-329f-5cc5-80e7-f83e7d2fd8f9

STIX ID: report--4f984076-329f-5cc5-80e7-f83e7d2fd8f9

Feed Name: Dark Reading

Threat Score
78/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

Author: Jai Vijayan

...
...

Attackers exploited CVE-2026-48558 in the SimpleHelp RMM platform to gain admin-equivalent remote access, mass-deploy an obfuscated JavaScript loader (TaskWeaver) masquerading as jsquery.js, and retrieve Djinn Stealer. Djinn Stealer harvests a wide array of high-value credentials — cloud keys, SSH keys, package-registry tokens, CI/CD secrets, and AI development tool tokens — packages them, encrypts the data for exfiltration, and poses elevated supply-chain and enterprise risk due to the trusted nature of RMM access.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.