'Djinn' Stealer Targets Cloud, AI Credentials
ID: 4f984076-329f-5cc5-80e7-f83e7d2fd8f9
STIX ID: report--4f984076-329f-5cc5-80e7-f83e7d2fd8f9
Feed Name: Dark Reading
Attackers exploited CVE-2026-48558 in the SimpleHelp RMM platform to gain admin-equivalent remote access, mass-deploy an obfuscated JavaScript loader (TaskWeaver) masquerading as jsquery.js, and retrieve Djinn Stealer. Djinn Stealer harvests a wide array of high-value credentials — cloud keys, SSH keys, package-registry tokens, CI/CD secrets, and AI development tool tokens — packages them, encrypts the data for exfiltration, and poses elevated supply-chain and enterprise risk due to the trusted nature of RMM access.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
