Introduction to PCPJack Worm
A new malware framework called PCPJack has been discovered, which steals credentials from exposed cloud infrastructure while removing TeamPCP's access to the systems. The targeted services include Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications.
SentinelLabs researchers believe that PCPJack appears designed for large-scale credential theft and likely monetizes its activity via financial fraud, spam operations, credential resale, or extortion. TeamPCP is a cloud-focused threat group known for high-profile supply-chain breaches.
Similarities with TeamPCP Attacks
Due to the similarities with TeamPCP attacks, SentinelLabs believes that PCPJack may have been developed by a former TeamPCP affiliate or member who started their own operation. The researchers explain that many of the services targeted by the PCPJack framework are the same ones hit in the early TeamPCP/PCPCat campaigns from December 2025.
The researchers also note that the high-visibility campaigns of early 2026 brought significant attention to TeamPCP and purportedly led to changes in group membership. They believe this could be a former operator who is deeply familiar with the group’s tooling.
PCPJack Infection Process
PCPJack infects Linux-based cloud systems using a shell script called bootstrap.sh. Upon execution, it creates a hidden working directory, installs Python dependencies, downloads additional modules, establishes persistence, and launches the main orchestrator (monitor.py).
During this initial stage, PCPJack explicitly checks for TeamPCP tooling and attempts to delete all of it, claiming the compromised host for itself. The cleanup removes TeamPCP processes, services, containers, files, and persistence artifacts, completely eliminating the earlier infection.
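A defender reading the infection description above has two things to hunt for: a hidden working directory holding the bootstrap.sh / monitor.py pair, and the persistence that launches it. The script below is an added example written for this article, not SentinelLabs' or the malware's code. Only the two file names come from the report; the directory layout, the cron entry and the systemd unit in the constructed sample tree are assumptions used to exercise the scan, and a real hunt would run it against `/` on the suspect host.

```python
"""Hunt for a PCPJack-style foothold: hidden directories containing
bootstrap.sh or monitor.py, plus cron/systemd entries that reference them.
Added example; only the two file names are taken from the report."""
import os
import re
import tempfile

# File names named in the report; everything else here is heuristic.
INDICATOR_FILES = {"bootstrap.sh", "monitor.py"}
# Persistence locations to check, relative to the scanned root (assumption).
PERSIST_DIRS = ("etc/cron.d", "etc/systemd/system", "var/spool/cron")
REF_RE = re.compile(r"(bootstrap\.sh|monitor\.py)")


def find_hidden_workdirs(root):
    """Return hidden directories (name starts with '.') under root that
    contain at least one indicator file, as paths relative to root."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).startswith(".") and INDICATOR_FILES & set(filenames):
            hits.append(os.path.relpath(dirpath, root))
    return sorted(hits)


def find_persistence_refs(root):
    """Return persistence files under root whose contents mention an
    indicator file name (crontab lines, ExecStart= lines in unit files)."""
    refs = []
    for rel in PERSIST_DIRS:
        d = os.path.join(root, rel)
        if not os.path.isdir(d):
            continue
        for name in os.listdir(d):
            p = os.path.join(d, name)
            if not os.path.isfile(p):
                continue
            with open(p, errors="replace") as fh:
                if REF_RE.search(fh.read()):
                    refs.append(os.path.relpath(p, root))
    return sorted(refs)


def hunt(root):
    """Run both checks and return a dict of findings."""
    return {
        "hidden_workdirs": find_hidden_workdirs(root),
        "persistence": find_persistence_refs(root),
    }


def build_sample_tree():
    """Construct a throwaway filesystem image for testing: one benign hidden
    dir, one hidden dir holding both indicator files, and a cron entry plus
    a systemd unit that launch it.  Constructed data, not real artifacts."""
    root = tempfile.mkdtemp(prefix="pcpjack_hunt_")

    def write(rel, text):
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "w") as fh:
            fh.write(text)

    write("home/dev/.cache/pip/index.json", "{}")          # benign hidden dir
    write("tmp/.x/bootstrap.sh", "#!/bin/sh\n")             # suspicious pair
    write("tmp/.x/monitor.py", "# orchestrator\n")
    write("etc/cron.d/sys-mon", "* * * * * root python3 /tmp/.x/monitor.py\n")
    write("etc/systemd/system/sysmon.service",
          "[Service]\nExecStart=/usr/bin/python3 /tmp/.x/monitor.py\n")
    write("etc/systemd/system/ssh.service", "[Service]\nExecStart=/usr/sbin/sshd\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for key, value in hunt(sample_root).items():
        print(key, value)
```

On a live host, run `hunt("/")` as root; the hidden-directory check deliberately ignores directory names and keys only on the file pair, because the working directory name is the part an operator can change most cheaply.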
Removing TeamPCP Artifacts
The researchers say that the removal of TeamPCP artifacts is a key aspect of PCPJack's functionality. This suggests that the threat actor is attempting to take control of compromised systems and remove any existing malware.
PCPJack Capabilities
PCPJack's capabilities revolve mainly around credential theft, targeting cloud environments, developer systems, messenger apps, financial services, databases, SSH keys, Slack tokens, WordPress configs, OpenAI keys, Anthropic keys, Discord, DigitalOcean, and more.
The credentials are encrypted using X25519 ECDH and ChaCha20-Poly1305, split into 2800-byte chunks to stay within Telegram’s message length limit, and then exfiltrated to Telegram channels.
Services Targeted in PCPJack Attacks
The services targeted in PCPJack attacks include Docker, Kubernetes, Redis, MongoDB, and RayML. The malware propagates by scanning external cloud infrastructure for exposed services and attempting to exploit known vulnerabilities to gain access.
Vulnerabilities Exploited by PCPJack
PCPJack is exploiting several vulnerabilities, including:
- CVE-2025-29927: auth bypass in Next.js middleware via crafted header
- CVE-2025-55182 (“React2Shell”): Server Actions deserialization flaw in React and Next.js
- CVE-2026-1357: unauthenticated file upload in WPVivid Backup
- CVE-2025-9501: PHP injection in W3 Total Cache via cached mfunc comment
- CVE-2025-48703: shell injection in CentOS Web Panel Filemanager changePerm functionality
Mitigation and Recommendations
To mitigate the risk of PCPJack, the researchers recommend enforcing multi-factor authentication (MFA), using IMDSv2 in AWS, ensuring proper authentication for Docker and Kubernetes services, following least-privilege principles, and avoiding storing secrets in plaintext.
By following these recommendations, organizations can reduce the risk of compromise and protect their cloud infrastructure from PCPJack and other malware threats.
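Two of the recommendations above can be checked mechanically: whether EC2 instances still accept IMDSv1 (the `HttpTokens` metadata option is not `required`), and whether a Docker daemon exposes its API over TCP without TLS. The audit below is an added example, not from the report. The EC2 data is constructed in the shape returned by boto3's `ec2.describe_instances()`, the two `daemon.json` samples are written here for illustration, and the remediation strings use the real `aws ec2 modify-instance-metadata-options` flags.

```python
"""Offline audit for two PCPJack mitigations: IMDSv2 enforcement on EC2 and
an authenticated Docker API.  Added example; sample data is constructed."""
import json


def imdsv1_instances(describe_instances_response):
    """Return ids of instances whose metadata service still allows IMDSv1,
    i.e. the endpoint is enabled but HttpTokens is not 'required'."""
    bad = []
    for reservation in describe_instances_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue  # no metadata service at all: nothing to reach over IMDS
            if opts.get("HttpTokens") != "required":
                bad.append(inst["InstanceId"])
    return bad


def imdsv2_remediation(instance_ids):
    """AWS CLI commands that enforce IMDSv2 on each listed instance."""
    return [
        "aws ec2 modify-instance-metadata-options --instance-id %s "
        "--http-tokens required --http-endpoint enabled" % i
        for i in instance_ids
    ]


def docker_daemon_findings(daemon_json_text):
    """Flag a Docker daemon.json whose 'hosts' list includes a tcp:// listener
    without tlsverify, or a listener bound to every interface."""
    cfg = json.loads(daemon_json_text)
    findings = []
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify"):
        findings.append("tcp listener without tlsverify: %s" % ", ".join(tcp))
    if any(h.startswith(("tcp://0.0.0.0", "tcp://[::]", "tcp://:")) for h in tcp):
        findings.append("docker API bound to all interfaces")
    return findings


# Constructed sample input (not real instances): one IMDSv1-capable instance,
# one already on IMDSv2, one with the metadata endpoint disabled entirely.
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0example01",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0example02",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    {"InstanceId": "i-0example03",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
]}]}

# Constructed daemon.json samples: the weak setting beside the corrected one.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = (
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem",'
    ' "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem"}'
)

if __name__ == "__main__":
    exposed = imdsv1_instances(SAMPLE_EC2)
    print("IMDSv1 still allowed on:", exposed)
    for cmd in imdsv2_remediation(exposed):
        print("  fix:", cmd)
    print("weak daemon.json:", docker_daemon_findings(WEAK_DAEMON_JSON))
    print("hardened daemon.json:", docker_daemon_findings(HARDENED_DAEMON_JSON))
```

To run this against a real account, feed `imdsv1_instances()` the dict returned by `boto3.client("ec2").describe_instances()` and paginate if the fleet is large; the Docker check takes the text of `/etc/docker/daemon.json` on each host.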
Source: BleepingComputer