Attackers don't need any special authentication to reach a target endpoint — they just need to know where it is.
The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp.