A previously undocumented cross-platform information stealer is being deployed by attackers exploiting a critical vulnerability in a widely used remote management tool, according to a new analysis.