Cyberattackers have been exploiting a critical vulnerability in remote monitoring and management (RMM) tools, giving them a direct path into enterprise environments with the same trusted access that IT administrators rely on to remotely manage systems. The latest example of this trend is an intrusion campaign dubbed “Djinn Stealer,” which has been targeting cloud and AI-related credentials.
The attack began when threat actors exploited CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, an RMM platform used by more than 6,000 organizations to manage millions of endpoint devices. Once inside, the attackers mass-deployed an obfuscated JavaScript loader known as TaskWeaver, disguised as a benign file named jsquery.js and hosted on temporary Cloudflare infrastructure.
TaskWeaver was designed to fingerprint compromised systems, establish communications with a command-and-control (C2) server, and ultimately retrieve Djinn Stealer. The malware itself is built to strip a developer’s machine of everything valuable in a single pass, including cloud credentials, SSH keys, API keys, service account credentials, and other infrastructure secrets.
But what sets Djinn Stealer apart from other infostealers is its focus on AI-related data. Researchers at Blackpoint Cyber’s Adversary Pursuit Group (APG) found that the malware was equipped to search for credentials associated with AI development tools and agents, including local configuration files for services such as Claude, Gemini, Codex, Cline, OpenCode, and Kilo.
These credentials could allow an attacker to access and manipulate data and cloud infrastructure with the same privileges as the developer or the AI agent itself. As Blackpoint’s report notes, “Many of these tools rely on the Model Context Protocol (MCP) to connect an AI assistant to external tools and data on the developer’s behalf, including source repositories, databases, cloud accounts, and internal APIs.”
Attackers' increasing focus on development and administration systems is a worrying trend for security teams. By compromising an RMM tool such as SimpleHelp, attackers inherit the broad, trusted access the tool already holds over managed endpoints, reaching sensitive information without having to exploit vulnerabilities in individual applications or operating systems.
As Nevan Beal, principal MDR analyst at Blackpoint, notes, “As AI becomes embedded across development, administration, and business workflows, credentials associated with these platforms are becoming increasingly valuable to threat actors.” The breadth of Djinn Stealer’s collection rules suggests a deliberate focus on the identities and integrations that connect modern developers and administrators to the wider enterprise.
To mitigate this risk, security teams should prioritize patching RMM tools like SimpleHelp and ensure that administrative and development infrastructure is properly secured. They should also recognize the growing threat to AI-related data and take steps to protect the credentials and configuration files associated with these platforms. Doing so reduces the likelihood of a successful attack and limits the impact of a breach.
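One concrete step behind "protect the credentials associated with these platforms" is to know where a developer workstation keeps them before an infostealer does. The script below is an added example, not code from Blackpoint, Dark Reading, or any of the tools named above: it walks a home directory for MCP-style client config files, flags entries whose `env` block embeds a plaintext token rather than a `${VAR}` reference, and flags files readable by other local users. The file names in `CONFIG_NAMES` and the `mcpServers`/`env` JSON layout are assumptions about a generic MCP client config, not a documented format of any specific product, and the sample home directory it builds is constructed with a fake token.

```python
"""
Audit a developer home directory for MCP-style agent config files that
embed plaintext secrets or are readable by other users.

Added example, not code from Blackpoint or Dark Reading. The file names
and the "mcpServers"/"env" layout are assumptions about a generic MCP
client config, not a specific product's format.
"""
import json
import re
import stat
import tempfile
from pathlib import Path

# Assumed config file names for agent/MCP clients; adjust for your estate.
CONFIG_NAMES = {"mcp.json", "mcp_config.json", "settings.json", "config.json"}

# Env variable names whose value is probably a credential.
SECRET_KEY_RE = re.compile(r"(TOKEN|SECRET|KEY|PASSWORD|CREDENTIAL)", re.I)


def find_config_files(root: Path) -> list[Path]:
    """Return candidate config files under root, hidden directories included."""
    return sorted(p for p in root.rglob("*") if p.is_file() and p.name in CONFIG_NAMES)


def audit_config(path: Path) -> list[dict]:
    """Report plaintext secrets in mcpServers.*.env and loose file permissions."""
    findings = []
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append({"file": str(path), "issue": "readable-by-others", "mode": oct(mode)})
    try:
        data = json.loads(path.read_text())
    except (ValueError, OSError):
        return findings  # not JSON, or unreadable: nothing more to inspect
    for name, server in data.get("mcpServers", {}).items():
        env = server.get("env", {}) if isinstance(server, dict) else {}
        for key, value in env.items():
            # A literal value under a secret-looking key is the risky case;
            # "${VAR}" style references are resolved at runtime and are fine.
            if SECRET_KEY_RE.search(key) and isinstance(value, str) and value and not value.startswith("${"):
                findings.append({"file": str(path), "server": name, "issue": "plaintext-secret", "key": key})
    return findings


def audit_tree(root: Path) -> list[dict]:
    """Audit every candidate config file under root and collect findings."""
    out = []
    for cfg in find_config_files(root):
        out.extend(audit_config(cfg))
    return out


def build_sample_home() -> Path:
    """Constructed sample: one config with an inline fake token, one using an env reference."""
    home = Path(tempfile.mkdtemp(prefix="agent-cred-audit-"))
    bad = home / ".agent" / "mcp.json"
    bad.parent.mkdir(parents=True)
    bad.write_text(json.dumps({"mcpServers": {"gh": {"command": "npx",
                                                     "env": {"GITHUB_TOKEN": "ghp_EXAMPLE_NOT_REAL"}}}}))
    bad.chmod(0o644)  # group/world readable: flagged
    good = home / ".agent" / "mcp_config.json"
    good.write_text(json.dumps({"mcpServers": {"db": {"command": "db-mcp",
                                                      "env": {"DB_PASSWORD": "${DB_PASSWORD}"}}}}))
    good.chmod(0o600)  # owner-only and no literal secret: clean
    return home


if __name__ == "__main__":
    for finding in audit_tree(build_sample_home()):
        print(finding)
```

Run against a real home directory the output is a rotation list, not a fix: every `plaintext-secret` finding names a credential that an infostealer with the developer's privileges would have collected in a single pass, so the response is to rotate it and move it to a secret manager or an environment reference, and to tighten the file mode on every `readable-by-others` hit.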
Source: Dark Reading — 2026-06-29