Introduction to PCPJack Worm
A threat actor has launched a campaign to clean up environments infected by the TeamPCP hacking group and deploy its own malicious tools, according to SentinelOne. The campaign, active since late April, relies on a malware framework targeting credentials across multiple cloud environments and capable of propagating itself.
SentinelOne has named the framework PCPJack, due to its focus on removing from the infected systems any tools and artifacts associated with TeamPCP, the hacking group behind a recent flurry of supply chain attacks targeting multiple open source software ecosystems.
How PCPJack Works
A PCPJack infection begins with a Linux shell script that sets up the environment and fetches additional payloads. Before that, it searches the system for processes and artifacts matching known TeamPCP infections and removes them.
Next, the script creates a Python virtual environment, downloads six modules from an AWS S3 bucket, renames them, establishes persistence, launches the first module, which serves as the main framework orchestrator, and then deletes itself.
Modules and Functionality
The remaining modules, which are imported by the orchestrator, were designed for specific purposes, including credential parsing, lateral movement, command-and-control (C&C) message encryption, cloud IP range lookups, and cloud scanning.
From the local system, PCPJack can steal .env and configuration files, environment variables, SSH keys, cryptocurrency wallets, credentials, and tokens for various web apps and cloud services, including AWS, Kubernetes, Docker, Gmail, GitHub, Office 365/Outlook, RayML, Slack, and WordPress.
Targeting Motivations and Spreading Mechanism
The types of credentials collected by the framework suggest PCPJack’s targeting motivations are primarily to conduct spam campaigns and financial fraud, or to simply monetize stolen credentials to actors with these focuses.
PCPJack performs system reconnaissance to identify assets the machine connects to, attempts lateral movement, and downloads Parquet files from Common Crawl to identify additional targets over the internet and attempt to infect them.
The spreading module targets known vulnerabilities in web applications, including CVE-2025-29927 (Next.js), CVE-2025-55182 (React2Shell), CVE-2026-1357 (WPVivid Backup plugin for WordPress), CVE-2025-9501 (W3 Total Cache plugin for WordPress), and CVE-2025-48703 (CentOS Web Panel).
Command and Control Mechanism
PCPJack also attempts to use the extracted credentials to propagate across Kubernetes, Docker, Redis, RayML, and MongoDB deployments, and leverages SSH keys to execute the initial script on remote machines.
The framework uses Telegram for C&C and encrypts the data sent to its channel.
Investigation and Associated Toolsets
During its investigation into the framework, SentinelOne identified a second toolset associated with the threat actor, which includes Sliver implants and credential theft across dozens of cloud services, including Anthropic, Digital Ocean, Discord, Google API, and others, as well as those targeted by PCPJack.
Overall, the two toolsets are well developed and indicate that the owner values making code as a modular framework, despite some redundancies in behavior.
The occasional operational security lapses were interesting, particularly their choice to encrypt everything except for Telegram credentials and their own alleged infrastructure.
- Related: Vendor Says Daemon Tools Supply Chain Attack Contained
- Related: AI Coding Agents Could Fuel Next Supply Chain Crisis
- Related: 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
- Related: Sophisticated Quasar Linux RAT Targets Software Developers
Source: SecurityWeek