Cyber Security

Attackers Use SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer

An unknown malicious actor has been spotted exploiting a newly disclosed vulnerability in SimpleHelp’s robustness to deliver two previously unreported malware families, TaskWeaver again Djinn Stealer.

Entry includes the exploitation of CVE-2026-48558 (CVSS Score: 10.0), a critical authentication bypass vulnerability affecting the OpenID Connect (OIDC) flow that an unauthenticated attacker could use to obtain an “expert session” by sending a forged token containing improper identity claims.

“TaskWeaver is a highly obfuscated Node.js loader, delivered as jquery.js and executed via node.exe, that uses an encrypted, reusable payload delivery channel rather than a fixed set of backend exploit commands,” Blackpoint Cyber ​​said in an analysis. “The second-tier payload, Djinn Stealer, targets Windows, macOS, and Linux systems.”

Djinn Stealer is designed to harvest credentials associated with cloud platforms, source control, package registration, infrastructure tools, AI development assistants, browsers, SSH, and cryptocurrency wallets.

Details of CVE-2026-48558 emerged earlier this month when Horizon3.ai, which discovered the bug, says it affects servers configured to use standard OIDC or Azure AD OIDC and that it stems from the way SimpleHelp validates IdP assertions.

“In many implementations of SimpleHelp with OIDC-type authentication enabled, an unauthenticated attacker could create and authenticate as a new ‘Technician’ user,” said Horizon3.ai security researcher Zach Hanley. “This specialist, by default, can perform privileged administrative tasks such as remote extraction from managed environments, document execution, and more.”

“Even if the SimpleHelp server is configured to use MFA for professionals, this issue allows an attacker to bypass this mechanism because at the first login, professionals can register their own MFA method.”

In a series of attacks documented by Blackpoint Cyber, successful exploitation of a Remote Monitoring and Management (RMM) software flaw is said to have enabled a threat actor to obtain an authenticated “Professional” session on a publicly accessible server, which was then exploited to execute TaskWeaver and Djinn Stealer.

“The vulnerable RMM platform provided the operator with a trusted management channel capable of transferring files and executing commands to server-managed systems,” said researchers Nevan Beal and Sam Decker.

TaskWeaver is a modular Node.js loader that can fingerprint the system, establishing an encrypted connection with a remote server (“a.dev-tunnels[.]com”), and retrieving and executing additional JavaScript payloads with high-level access to the Node.js runtime. The final category is phishing designed to extract sensitive data from vulnerable Windows, macOS, or Linux hosts.

The scope of information targeted by the thief is as follows:

  • Information, history, and bookmarks stored in web browsers
  • Configuration and authentication data associated with AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, Okta, Cloudflare, DigitalOcean, Linode, Heroku, Vercel, Railway, Supabase, Pulumi, Terraform, HashiCorp Vault, and Consul
  • GitHub CLI data
  • Git configuration
  • SSH keys
  • Docker authentication
  • Helm registration information
  • S3 and MiniO client configuration
  • Modification of information
  • Validation of npm, pnpm, Yarn, NuGet, Cargo, Composer, Maven, Gradle, pip, PyPI, Conda, Bun, Ivy, and Scala Build Tool
  • Configuration, authentication, session, and project data associated with Anthropic Claude, Google Gemini, OpenAI Codex, Cline, OpenCode, and Kilo
  • Cryptocurrency wallets and wallets associated with Bitcoin, Litecoin, Dogecoin, Dash, Ethereum, Monero, Zcash, Exodus, Atomic Wallet, and Electrum

On Linux systems, the malware also tries to read “/proc//cmdline” and “/proc//environ” virtual files may contain information about the running process, such as passwords, API keys, access tokens, database connection strings, and other sensitive values ​​passed in command-line arguments or environment variables.

Once the information is collected, it is packed into a TAR archive, compressed with GZIP, encrypted using an AES-256-GCM key protected by an RSA-2048 public key embedded in TaskWeaver, and released to an infrastructure controlled by the attacker (“96.126.130)[.]126:58942).

The campaign shows that threat actors are increasingly going after Artificial Intelligence (AI)-enabled platforms as the technology becomes embedded in all business applications, enabling them to abuse the privileges of AI assistants to access sensitive data.

“One pass of authentication has become a gateway to everything that managed systems can access, from cloud networks and code repositories to AI tools, cryptocurrency wallets, and customer infrastructure,” the researchers said.

“Information accessible from a developer or administrator’s workstation may provide access to production infrastructure, build pipelines, source code collections, deployment platforms, cloud tenants, and customer environments long after the endpoint is contained.”

The active exploit of CVE-2026-48558 prompted the Cybersecurity and Infrastructure Security Agency (CISA) of the US to add it to the catalog of Known Exploited Vulnerabilities (KEV), requiring Federal Civilian Executive Branch (FCEB) agencies to apply a fix by July 2, 2026.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button