PCPJack Credential Stealer Exploits Multiple CVEs To Spread Across Cloud Infrastructure

Cybersecurity researchers have identified a new credential theft framework named PCPJack that is actively targeting exposed cloud infrastructure while removing artifacts associated with TeamPCP from compromised environments. The toolset is designed to harvest credentials from a wide range of services including cloud platforms, container environments, developer tools, productivity applications, and financial systems. According to analysis shared by SentinelOne security researcher Alex Delamotte, the framework exfiltrates collected data through attacker-controlled infrastructure while simultaneously attempting to expand its reach to additional hosts within the same environment. The system operates with a worm-like behavior pattern, allowing it to propagate across cloud systems and increase its footprint after initial compromise.

PCPJack is engineered to target multiple cloud and infrastructure services including Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. Its design allows attackers to move laterally within compromised networks while continuously spreading to new systems. Researchers assess that the primary objective of the campaign is financial gain through credential theft, fraud operations, spam activities, extortion, and resale of unauthorized access credentials. This aligns with broader trends in cloud-focused attacks, where stolen access is monetized across underground markets and secondary exploitation channels. What makes this case notable is its overlap with earlier activity attributed to TeamPCP, a threat actor previously observed exploiting known vulnerabilities such as React2Shell and cloud misconfigurations to build expanding networks for data theft and post-exploitation operations.

Unlike TeamPCP activity, PCPJack does not include cryptocurrency mining functionality, despite similarities in targeting and operational structure. Researchers suggest that this absence may indicate a shift in operational priorities or possible involvement of individuals previously associated with TeamPCP who are adapting the tooling for different objectives. The attack chain begins with a bootstrap shell script that prepares the environment, configures payload hosting, and downloads additional components. It also attempts to remove traces linked to TeamPCP while establishing persistence, installing Python dependencies, and deploying multiple scripts that form the core of the attack framework. The orchestration script coordinates execution of payload modules and initiates both credential theft and propagation routines.

The framework is built around six Python-based payload components, each serving a specific function within the attack lifecycle. The main orchestrator worm.py, deployed as monitor.py, is responsible for launching modules, performing local credential theft, and spreading across systems using known vulnerabilities including CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703. It also uses Telegram for command and control communication. Additional modules include parser.py for credential categorization, lateral.py for reconnaissance and movement across SSH, Kubernetes, Docker, Redis, RayML, and MongoDB, crypto_util.py for encryption of stolen data, cloud_ranges.py for collecting and updating cloud provider IP ranges including AWS, Google Cloud, Microsoft Azure, Cloudflare, CloudFront, and Fastly, and cloud_scan.py for external scanning of exposed services to enable further propagation.

Propagation data is sourced from parquet files retrieved through Common Crawl, which provides publicly available web archive datasets. Researchers also observed that PCPJack operators track operational impact by collecting metrics on whether TeamPCP has been removed from targeted environments, recorded in a field labeled PCP replaced within command and control communications. This suggests that the campaign is not only focused on opportunistic cloud intrusion but also on tracking and countering activity linked to a specific threat actor ecosystem. Additional investigation revealed another script, check.sh, which identifies system architecture, deploys Sliver binaries, and scans Instance Metadata Service endpoints, Kubernetes service accounts, and Docker instances for credentials associated with services including Anthropic, Digital Ocean, Discord, Google API, Grafana Cloud, HashiCorp Vault, OnePassword, and OpenAI before exfiltration to external infrastructure.
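The two paragraphs above give a defender enough concrete signals to build a first-pass host triage: the module file names the framework drops, Telegram-based command and control, and credential harvesting from the Instance Metadata Service, Kubernetes service-account tokens, and Docker. The script below is an added example, not SentinelOne's analysis code or anything from the PCPJack toolset. It runs over a constructed process snapshot (not real telemetry) and rates each process. The module names come from the write-up; the Telegram API host name, the IMDS address, the in-cluster service-account token path, and the Docker socket path are standard values assumed here, since the article does not spell them out. It also shows why a single credential-source hit is low confidence on its own: legitimate in-cluster workloads read the same token.

```python
"""
Host triage for the PCPJack behaviours described in the SentinelOne write-up.
Added example; not code from the research or from the malware.
"""
from dataclasses import dataclass, field

# Payload file names named in the write-up (worm.py is deployed as monitor.py).
PCPJACK_MODULES = {
    "worm.py", "monitor.py", "parser.py", "lateral.py",
    "crypto_util.py", "cloud_ranges.py", "cloud_scan.py", "check.sh",
}

# Assumption: Telegram bot C2 talks to api.telegram.org; the article only says "Telegram".
C2_HOSTS = {"api.telegram.org"}

# Standard credential sources the write-up says check.sh enumerates (well-known values, not from the article).
IMDS_ADDR = "169.254.169.254"
K8S_SA_TOKEN = "/var/run/secrets/kubernetes.io/serviceaccount/token"
DOCKER_SOCKET = "/var/run/docker.sock"

CRED_SOURCE_FINDINGS = {"imds-access", "k8s-sa-token-read", "docker-socket-access"}


@dataclass
class ProcessRecord:
    """One process as a triage tool would snapshot it (constructed, not real telemetry)."""
    pid: int
    cmdline: str
    open_files: list = field(default_factory=list)
    connections: list = field(default_factory=list)  # remote hosts or IPs


def triage_process(proc):
    """Return the list of findings for one process; empty list means nothing matched."""
    findings = []
    for arg in proc.cmdline.split():
        name = arg.rsplit("/", 1)[-1]  # basename only, wherever the file was dropped
        if name in PCPJACK_MODULES:
            findings.append(f"pcpjack-module:{name}")
    for host in proc.connections:
        if host in C2_HOSTS:
            findings.append(f"telegram-c2:{host}")
        if host == IMDS_ADDR:
            findings.append("imds-access")
    for path in proc.open_files:
        if path == K8S_SA_TOKEN:
            findings.append("k8s-sa-token-read")
        if path == DOCKER_SOCKET:
            findings.append("docker-socket-access")
    return findings


def severity(findings):
    """Named module or C2 host is high on its own; credential-source reads need corroboration."""
    if any(f.startswith(("pcpjack-module:", "telegram-c2:")) for f in findings):
        return "high"
    if len([f for f in findings if f in CRED_SOURCE_FINDINGS]) >= 2:
        return "medium"
    return "low" if findings else "none"


def triage_host(procs):
    """Map pid -> (severity, findings) for every process that produced at least one finding."""
    out = {}
    for proc in procs:
        findings = triage_process(proc)
        if findings:
            out[proc.pid] = (severity(findings), findings)
    return out


# Constructed sample snapshot; the /tmp/.x path is an illustrative placeholder, not an observed IoC.
SAMPLE_PROCS = [
    ProcessRecord(1, "/sbin/init"),
    ProcessRecord(4711, "python3 /tmp/.x/monitor.py",
                  connections=["api.telegram.org", "169.254.169.254"]),
    ProcessRecord(4712, "/bin/sh ./check.sh",
                  open_files=[K8S_SA_TOKEN, DOCKER_SOCKET]),
    ProcessRecord(900, "python3 app.py", open_files=[K8S_SA_TOKEN]),  # legitimate in-cluster app
]

if __name__ == "__main__":
    for pid, (sev, findings) in triage_host(SAMPLE_PROCS).items():
        print(f"pid {pid}: {sev} {findings}")
```

Feed it a real snapshot by building ProcessRecord entries from `ps`, `/proc/<pid>/fd`, and `ss -tnp` output; the matching is on basenames, so it does not depend on where the payloads were dropped, but it will also miss renamed copies, which is why the C2 and credential-source checks are kept alongside the file-name check.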

SentinelOne researchers note that the toolsets demonstrate a modular design approach despite functional redundancies and indicate deliberate removal of mining-related capabilities previously associated with TeamPCP. The campaign instead focuses on credential extraction and cloud access exploitation, including credentials tied to cryptocurrency-related services, reflecting a structured and evolving cloud-based attack framework operating across multiple environments.
