Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints," Arctic Wolf said. "Threat actors disguised the credential stealer payload as a Fortinet endpoint

The article describes active exploitation of CVE-2026-35616, a critical unauthenticated access-control bypass in FortiClient EMS that allows threat actors to hijack trusted management APIs and push a credential-stealing payload (EKZ Infostealer) to all managed endpoints via PowerShell and fake Fortinet update binaries.[1][2][4] Attackers use the EMS control plane and features such as VPN on_connect scripts to distribute malware that harvests browser passwords, cookies, and autofill data, then exfiltrates it over HTTP to attacker infrastructure.[1][2][4] From a CyberSE.AI perspective, this highlights how compromise of a centralized management/SaaS-like control plane in an AI or IT environment (e.g., an AI platform’s orchestration or agent-management service) can turn otherwise trusted update and scripting channels into large-scale malware or data exfiltration vectors. Organizations deploying AI platforms should treat management/control planes as part of their AI supply chain, maintain an SBOM and vulnerability tracking for these components, and strictly limit network access and script-execution features to reduce the blast radius of similar abuse.