New PCPJack Worm Steals Credentials and Cleans TeamPCP Infections
A new cloud malware framework called PCPJack is stealing credentials from exposed infrastructure while removing TeamPCP infections from compromised systems. Researchers say the worm targets Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web apps, then moves laterally to harvest secrets and spread further.
A new cloud-focused malware framework called PCPJack is targeting exposed infrastructure, stealing credentials, and removing competing malware linked to TeamPCP from compromised systems.
According to SentinelLabs, PCPJack is designed for large-scale credential theft across Linux-based cloud environments. The malware targets exposed services such as Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, often using compromised systems as a foothold to move laterally across internal networks.
Unlike many cloud malware campaigns that focus on cryptomining, PCPJack appears centered on stealing credentials that can be monetized through fraud, spam operations, resale of stolen access, extortion, or additional intrusions.
PCPJack removes TeamPCP before taking over
One of the more unusual parts of PCPJack is that it actively searches for and removes artifacts associated with TeamPCP, a threat group known for cloud and supply-chain attacks.
TeamPCP has previously been linked to compromises involving Aqua Security’s Trivy scanner, LiteLLM, Telnyx PyPI packages, and other developer-focused software supply-chain attacks. Unit 42 reported earlier this year that TeamPCP had targeted widely used security and developer tools, including Trivy, KICS, LiteLLM, and Telnyx’s Python SDK.
SentinelLabs says PCPJack’s overlap with earlier TeamPCP tactics suggests the malware may have been built by a former TeamPCP member or affiliate familiar with the group’s tooling. The researchers noted that PCPJack targets many of the same services seen in TeamPCP and PCPCat activity from late 2025 and early 2026.
During installation, PCPJack checks for TeamPCP-related processes, services, containers, files, and persistence mechanisms. It then attempts to remove them before establishing its own foothold on the host.

How PCPJack infects cloud systems
PCPJack infections begin with a Linux shell script named bootstrap.sh. Once executed, the script creates a hidden working directory, installs Python dependencies, downloads additional modules, sets up persistence, and launches the main orchestrator component, monitor.py.
After deployment, PCPJack begins scanning for exposed cloud and application services. SentinelLabs observed the malware targeting Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. It also uses hostname data from Common Crawl parquet files to generate additional scanning targets.
The malware can exploit known vulnerabilities to gain access, including:
- CVE-2025-29927 — Next.js middleware authentication bypass
- CVE-2025-55182, also known as React2Shell — React and Next.js Server Actions deserialization flaw
- CVE-2026-1357 — unauthenticated file upload in WPVivid Backup
- CVE-2025-9501 — PHP injection in W3 Total Cache
- CVE-2025-48703 — shell injection in CentOS Web Panel Filemanager
Once inside an environment, PCPJack attempts to expand access by harvesting SSH keys and credentials, enumerating Kubernetes clusters and Docker daemons, and executing itself on reachable internal systems.
Credentials targeted by PCPJack
PCPJack’s main objective appears to be credential theft. The framework searches for cloud secrets, developer credentials, messaging tokens, database credentials, financial service data, and application configuration files.
Targets include credentials related to:
- Cloud platforms and exposed infrastructure
- Docker and Kubernetes environments
- Redis, MongoDB, and other databases
- SSH keys
- Slack tokens
- WordPress configuration files
- OpenAI and Anthropic API keys
- Discord
- DigitalOcean
- Financial and productivity services
Stolen credentials are encrypted before exfiltration. SentinelLabs says PCPJack uses X25519 ECDH and ChaCha20-Poly1305, then sends the encrypted data to Telegram channels in small chunks designed to fit Telegram message limits.
Persistence and lateral movement
After gaining access, PCPJack establishes persistence through several methods, including systemd services, cron jobs, Redis cron rewrites, and privileged containers.
The malware then continues scanning and spreading from the compromised environment. In internal networks, PCPJack can use stolen SSH keys, discovered credentials, Kubernetes access, and Docker daemon access to move laterally.
SentinelLabs also found a Sliver-based backdoor on infrastructure tied to the threat actor, with builds supporting multiple architectures, including x86_64, x86, and ARM.
Why this campaign matters
PCPJack shows how cloud malware campaigns are becoming more competitive and specialized. Instead of simply infecting exposed systems and deploying a cryptominer, PCPJack removes a rival threat group’s access, takes control of the compromised host, and focuses on credentials that can be used for broader attacks.
That makes the campaign especially dangerous for organizations that store secrets in plaintext, expose management services to the internet, or run cloud workloads with overly broad permissions.
How to defend against PCPJack
Organizations should immediately review exposed cloud services and harden authentication across cloud and container infrastructure.
Recommended actions include:
- Require multi-factor authentication for cloud accounts and developer platforms.
- Use AWS IMDSv2 instead of IMDSv1.
- Do not expose Docker, Kubernetes, Redis, MongoDB, or RayML services directly to the internet.
- Enforce authentication on all management interfaces.
- Rotate exposed or potentially stolen credentials.
- Audit SSH keys, API keys, cloud tokens, and CI/CD secrets.
- Avoid storing secrets in plaintext configuration files.
- Apply least-privilege access controls across cloud accounts and Kubernetes clusters.
- Monitor for suspicious cron jobs, systemd services, privileged containers, and unknown Python processes.
- Patch vulnerable web applications and frameworks, especially those affected by the CVEs listed above.
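The monitoring item above can be turned into a repeatable host check. The script below is an added example, not code from SentinelLabs or from this article: it looks for the persistence artifacts the write-up names (Redis-rewritten crontabs, cron jobs and systemd units that start Python from hidden or temp directories, privileged containers, and unknown Python processes) over constructed sample inputs, so it runs offline. Path names such as /tmp/.work/ and the sysmon.service unit are assumptions for the sample; on a real host you would feed it the contents of /etc/cron* and /var/spool/cron, your unit files, `docker inspect` output, and a process listing.

```python
import json
import re

HIDDEN_PATH = re.compile(r"(^|/)\.[^./\s][^/\s]*/")  # hidden dir component like /tmp/.work/, not ./ or ../
PYTHON_CMD = re.compile(r"\bpython[23]?(\.\d+)?\b")
RDB_MAGIC = "REDIS"  # first bytes of a Redis RDB dump
TEMP_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

def hidden_python(line):  # True if a command line runs Python out of a hidden directory
    return bool(PYTHON_CMD.search(line) and HIDDEN_PATH.search(line))

def check_cron(files):
    """files: {path: contents}. Flags Redis-rewritten crontabs and hidden-dir Python jobs."""
    out = []
    for path, text in files.items():
        if text.startswith(RDB_MAGIC):  # CONFIG SET dir + SAVE leaves the RDB header in the crontab
            out.append((path, "crontab begins with Redis RDB header"))
        out += [(path, f"python job in hidden dir: {ln.strip()}") for ln in text.splitlines() if hidden_python(ln)]
    return out

def check_systemd(units):
    """units: {path: contents}. Flags ExecStart lines pointing at hidden or temp paths."""
    out = []
    for path, text in units.items():
        for line in text.splitlines():
            if line.startswith("ExecStart=") and (HIDDEN_PATH.search(line) or any(d in line for d in TEMP_DIRS)):
                out.append((path, f"unit starts from hidden/temp path: {line}"))
    return out

def check_containers(inspect_json):
    """inspect_json: `docker inspect` output (a JSON list). Flags privileged containers."""
    return [(c["Name"], "privileged container") for c in json.loads(inspect_json)
            if c.get("HostConfig", {}).get("Privileged")]

def triage(cron, units, inspect_json, ps_lines):
    """Runs every check; ps_lines are 'user pid command' lines for the unknown-Python check."""
    return (check_cron(cron) + check_systemd(units) + check_containers(inspect_json)
            + [("process", f"python from hidden dir: {ln}") for ln in ps_lines if hidden_python(ln)])

# Constructed sample inputs (not real PCPJack artifacts); monitor.py is the orchestrator name from the write-up.
SAMPLE_CRON = {
    "/etc/cron.d/backup": "0 2 * * * root /usr/local/bin/backup.sh\n",
    "/var/spool/cron/root": "REDIS0009\xfa\tredis-ver\x057.0.0\n\n*/1 * * * * python3 /tmp/.work/monitor.py\n",
}
SAMPLE_UNITS = {
    "/etc/systemd/system/nginx.service": "[Service]\nExecStart=/usr/sbin/nginx -g 'daemon off;'\n",
    "/etc/systemd/system/sysmon.service": "[Service]\nExecStart=/usr/bin/python3 /tmp/.work/monitor.py\n",
}
SAMPLE_INSPECT = json.dumps([{"Name": "/web", "HostConfig": {"Privileged": False}}, {"Name": "/updater", "HostConfig": {"Privileged": True}}])
SAMPLE_PS = ["root 812 /usr/sbin/sshd -D", "root 2231 python3 /tmp/.work/monitor.py"]
```

Calling `triage(SAMPLE_CRON, SAMPLE_UNITS, SAMPLE_INSPECT, SAMPLE_PS)` returns five findings for the sample data; a crontab that begins with the RDB header is the signature of a cron file written through Redis rather than by an editor, and is worth treating as a compromise indicator on its own.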
PCPJack is a reminder that exposed cloud infrastructure is not just a cryptomining risk. Once attackers obtain credentials, they can move deeper into business systems, steal sensitive data, abuse developer environments, and sell access to other threat actors.