PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Published: (May 7, 2026 at 01:45 PM EDT)
4 min read

Source: The Hacker News

Overview

Author: Ravie Lakshmanan
Date: May 07, 2026
Categories: Threat Intelligence / Cloud Security


Cybersecurity researchers have disclosed details of a new credential‑theft framework dubbed PCPJack that targets exposed cloud infrastructure and removes any artifacts linked to TeamPCP from the environments.

“The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker‑controlled infrastructure while attempting to spread to additional hosts,” said SentinelOne security researcher Alex Delamotte in a report published today.
— SentinelOne Labs report

PCPJack is specifically designed to target cloud services such as Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, allowing the operators to spread in a worm‑like fashion and move laterally within compromised networks. The end goal appears to be illicit revenue generation through credential theft, fraud, spam, extortion, or resale of stolen access.


What makes this activity notable is its significant targeting overlap with TeamPCP, a threat actor that rose to prominence late last year by exploiting known security vulnerabilities (e.g., React2Shell) and misconfigurations in cloud services to enlist endpoints in an ever‑expanding network for data theft and other post‑exploitation actions.

At the same time, PCPJack lacks a cryptocurrency‑mining component, unlike TeamPCP. While the reason for omitting this obvious monetisation strategy is unknown, the similarities between the two clusters suggest that PCPJack could be the work of a former TeamPCP member familiar with the group’s tradecraft.

Attack Flow

The starting point of the attack is a bootstrap shell script that:

  1. Prepares the environment (e.g., configures the payload host).
  2. Downloads next‑stage tooling.
  3. Infects its own infrastructure.
  4. Terminates and removes processes or artifacts associated with TeamPCP.
  5. Installs Python, establishes persistence, and downloads six Python scripts.
  6. Launches the orchestration script and then removes itself.


The Six Python Payloads

File (on-disk alias): Description

  • worm.py (written to disk as monitor.py): Main orchestrator that launches purpose‑built modules, conducts local credential theft, propagates the toolset via known CVEs (CVE‑2025‑55182, CVE‑2025‑29927, CVE‑2026‑1357, CVE‑2025‑9501, CVE‑2025‑48703), and uses Telegram for C2.
  • parser.py (utils.py): Handles credential extraction and categorises stolen keys and secrets.
  • lateral.py (lat.py): Facilitates reconnaissance, harvests secrets, and enables lateral movement across SSH, Kubernetes, Docker, Redis, RayML, and MongoDB services.
  • crypto_util.py (cu.py): Encrypts credentials before exfiltration to the attacker’s Telegram channel.
  • cloud_ranges.py (cr.py): Collects IP‑address ranges for AWS, Google Cloud, Microsoft Azure, Cloudflare, CloudFront, and Fastly; refreshes the data every 24 hours.
  • cloud_scan.py (csc.py): Performs cloud‑port scanning for external propagation via Docker, Kubernetes, MongoDB, RayML, or Redis services.

Propagation targets for the orchestrator script are drawn from Parquet files that the worm pulls directly from Common Crawl, a non‑profit that crawls the web and makes its archives and datasets publicly available free of charge.
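The on-disk aliases in the table above are the most concrete host-level indicators the report gives, but monitor.py or utils.py on its own is a common filename. The following hunt script is an added example (not code from the article or from SentinelOne) that scores a process tree rather than a single event: several of the alias names launched from one tree, a temp or hidden staging directory, and an outbound connection to Telegram. The sample telemetry is constructed, and api.telegram.org is an assumption, since the report only says Telegram is used for C2 without naming the endpoint.

```python
import json
import os
import re
from collections import defaultdict

# On-disk aliases SentinelOne reports for the six payloads (from the table above),
# plus the original module names in case the operator stops renaming them.
PCPJACK_DROPPED_FILES = {"monitor.py", "utils.py", "lat.py", "cu.py", "cr.py", "csc.py"}
PCPJACK_MODULE_NAMES = {"worm.py", "parser.py", "lateral.py", "crypto_util.py",
                        "cloud_ranges.py", "cloud_scan.py"}
INDICATOR_FILES = PCPJACK_DROPPED_FILES | PCPJACK_MODULE_NAMES

# Assumption: the report says C2 runs over Telegram but does not name the endpoint;
# api.telegram.org is the Bot API host and is used here as a tunable indicator.
TELEGRAM_API_HOST = "api.telegram.org"
# Directories where a bootstrap script typically stages downloaded tooling (assumption).
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
ALERT_THRESHOLD = 4

# Constructed sample telemetry (one JSON object per line), not real PCPJack logs.
# pid 4120's tree is the infection; pid 2300 is a legitimate app that happens to
# ship its own monitor.py, included to show the scoring does not fire on a name alone.
SAMPLE_EVENTS = [
    '{"type":"process","pid":4120,"ppid":1,"user":"root","cmdline":"python3 /tmp/.x/monitor.py"}',
    '{"type":"process","pid":4200,"ppid":4120,"user":"root","cmdline":"python3 /tmp/.x/lat.py --ssh"}',
    '{"type":"net","pid":4120,"dst_host":"api.telegram.org","dst_port":443}',
    '{"type":"process","pid":2300,"ppid":1,"user":"deploy","cmdline":"python3 /srv/app/monitor.py"}',
    '{"type":"process","pid":2301,"ppid":2300,"user":"deploy","cmdline":"curl https://example.org/healthz"}',
]

SCRIPT_RE = re.compile(r"(\S+\.py)\b")


def script_path(cmdline):
    """Return the first .py argument in a command line, or None."""
    m = SCRIPT_RE.search(cmdline)
    return m.group(1) if m else None


def from_staging_dir(path):
    """True if the script lives in a temp directory or under a hidden (dot) directory."""
    d = os.path.dirname(path) + "/"
    return d.startswith(STAGING_DIRS) or any(p.startswith(".") for p in d.split("/") if p)


def lineage_root(pid, parents):
    """Walk ppid links up to the topmost process we actually observed."""
    seen = set()
    while pid in parents and parents[pid] in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid


def hunt(event_lines):
    """Score each observed process tree; return alerts sorted by score (highest first)."""
    events = [json.loads(line) for line in event_lines]
    parents = {e["pid"]: e["ppid"] for e in events if e["type"] == "process"}
    groups = defaultdict(lambda: {"files": set(), "staging": False, "telegram": False})
    for e in events:
        g = groups[lineage_root(e["pid"], parents)]
        if e["type"] == "process":
            path = script_path(e["cmdline"])
            if path and os.path.basename(path) in INDICATOR_FILES:
                g["files"].add(os.path.basename(path))
                g["staging"] = g["staging"] or from_staging_dir(path)
        elif e["type"] == "net" and e.get("dst_host") == TELEGRAM_API_HOST:
            g["telegram"] = True
    alerts = []
    for root, g in groups.items():
        # One generic filename is weak evidence; several aliases in one tree, a temp/hidden
        # staging dir, and a Telegram connection together are what make it PCPJack-shaped.
        score = (len(g["files"]) + (2 if len(g["files"]) >= 2 else 0)
                 + (2 if g["staging"] else 0) + (3 if g["telegram"] else 0))
        if score >= ALERT_THRESHOLD:
            alerts.append({"root_pid": root, "score": score, "files": sorted(g["files"]),
                           "staging_dir": g["staging"], "telegram_c2": g["telegram"]})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS):
        print(alert)
```

Run against the constructed sample, only the root-owned tree under /tmp/.x/ with the Telegram connection alerts; the deploy user's /srv/app/monitor.py scores one point and stays quiet. Feed it real EDR or auditd output by mapping your schema onto the same type/pid/ppid/cmdline/dst_host fields.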


“When exfiltrating system information and credentials, the PCPJack operator even collects success metrics on whether TeamPCP has been evicted from targeted environments in a “PCP replaced” field sent to the C2,” Delamotte said. This “implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.”

Further analysis of the threat actor’s infrastructure has uncovered another shell script (check.sh) that:

  • Detects the CPU architecture and fetches the appropriate Sliver binary.
  • Scans Instance Metadata Service (IMDS) endpoints, Kubernetes service accounts, and Docker instances for credentials associated with Anthropic, Digital Ocean, Discord, Google API, Grafana Cloud, HashiCorp Vault, 1Password, and OpenAI.
  • Transmits any harvested credentials to an external server.
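The three places check.sh reads from (the instance metadata service, the Kubernetes service-account mount, and the Docker daemon) are exactly the surfaces a defender can audit ahead of time. The script below is an added example, not the article's or SentinelOne's code, that reports which of those surfaces are exposed on the current host: a readable service-account token, a present or writable Docker socket, and an IMDS that still answers without a session token (IMDSv1). The paths and the 169.254.169.254 address are the real defaults; the root and probe parameters exist so the check can run offline against a constructed fixture, and the remediation text in each finding refers to the AWS settings HttpTokens=required and HttpPutResponseHopLimit.

```python
import os
import tempfile
import urllib.error
import urllib.request

# Default locations a credential harvester in a cloud workload reaches for.
K8S_SA_TOKEN = "/var/run/secrets/kubernetes.io/serviceaccount/token"
DOCKER_SOCK = "/var/run/docker.sock"
IMDS_BASE = "http://169.254.169.254/latest"  # AWS EC2 instance metadata service


def http_status(method, url, headers=None, timeout=1.0):
    """Tiny HTTP probe: return the status code, or None if the endpoint is unreachable."""
    req = urllib.request.Request(url, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code
    except (urllib.error.URLError, OSError, ValueError):
        return None


def audit_credential_surfaces(root="/", probe=http_status):
    """Return a list of (severity, message) findings for the host rooted at `root`."""
    findings = []

    token_path = os.path.join(root, K8S_SA_TOKEN.lstrip("/"))
    if os.path.isfile(token_path) and os.access(token_path, os.R_OK):
        findings.append(("high", f"Kubernetes service-account token readable at {token_path}; "
                                 "set automountServiceAccountToken: false unless the pod needs the API"))

    sock_path = os.path.join(root, DOCKER_SOCK.lstrip("/"))
    if os.path.exists(sock_path):
        severity = "critical" if os.access(sock_path, os.W_OK) else "medium"
        findings.append((severity, f"Docker socket present at {sock_path}; write access to it is "
                                   "root-equivalent on the host"))

    # IMDSv1 answers a plain GET; IMDSv2 refuses it and only issues tokens via PUT.
    if probe("GET", f"{IMDS_BASE}/meta-data/") == 200:
        findings.append(("high", "IMDS answers without a session token (IMDSv1 enabled); set "
                                 "HttpTokens=required and keep HttpPutResponseHopLimit at 1 so "
                                 "containers on a separate network hop cannot fetch tokens"))
    elif probe("PUT", f"{IMDS_BASE}/api/token",
               {"X-aws-ec2-metadata-token-ttl-seconds": "60"}) == 200:
        findings.append(("info", "IMDS reachable but requires a session token (IMDSv2)"))

    return findings


def make_demo_root():
    """Constructed fixture: a fake root containing only a service-account token, for offline runs."""
    root = tempfile.mkdtemp(prefix="cred-surface-audit-")
    sa_dir = os.path.join(root, os.path.dirname(K8S_SA_TOKEN).lstrip("/"))
    os.makedirs(sa_dir, exist_ok=True)
    with open(os.path.join(sa_dir, "token"), "w") as f:
        f.write("header.payload.signature")  # placeholder, not a real token
    return root


def fake_imds_v1(method, url, headers=None, timeout=1.0):
    """Simulates an instance that still serves IMDSv1: every request is answered."""
    return 200


def fake_imds_v2_only(method, url, headers=None, timeout=1.0):
    """Simulates HttpTokens=required: tokenless GET is refused, PUT for a token succeeds."""
    return 200 if method == "PUT" else 401


if __name__ == "__main__":
    # Run for real with audit_credential_surfaces() and no arguments.
    for severity, message in audit_credential_surfaces(root=make_demo_root(), probe=fake_imds_v1):
        print(f"[{severity}] {message}")
```

Running it unmodified on a host probes the real IMDS and the real filesystem; the fixture and the two fake probes only exist so the behaviour can be exercised without cloud access. A clean result on a node that does not need the Kubernetes API, does not mount the Docker socket, and enforces IMDSv2 removes all three of check.sh's harvesting targets.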

“Overall, the two toolsets are well developed and indicate that the owner values making code as a modular framework, despite some redundancies in behavior,” SentinelOne said. “This campaign does not [deploy miners], and it deliberately removes the miner functions associated with TeamPCP. Despite that, this actor has well‑defined scopes for extracting cryptocurrency credentials.”
