Security researchers have uncovered a new malware threat that specifically targets valuable cloud and AI credentials, potentially compromising the very infrastructure that modern organizations rely on for their critical operations. The so-called "Djinn" infostealer represents an evolution in credential-focused attacks, leveraging a previously undisclosed vulnerability in a popular remote support solution to gain unauthorized access to sensitive systems.
The Djinn malware operates by exploiting CVE-2026-48558, a critical authentication bypass vulnerability found in SimpleHelp, a remote access and support tool used by many organizations. This flaw allows attackers to circumvent normal authentication processes, effectively handing them the keys to systems where the software is deployed. Once inside, the malware systematically searches for and exfiltrates credentials that connect development and administrative environments to broader enterprise systems, with a particular focus on cloud service providers and AI platform access tokens.
Organizations running SimpleHelp should consider themselves potential targets, particularly those in the technology sector, where development and cloud infrastructure are integral to daily operations. The stolen credentials