A new malware framework named PCPJack targets exposed cloud infrastructure including Docker, Kubernetes, Redis, MongoDB, and RayML for large-scale credential theft while actively removing any existing TeamPCP infections. The malware begins with a bootstrap.sh script that creates hidden directories, installs Python dependencies, establishes persistence, and launches a main orchestrator called monitor.py that explicitly searches for and deletes TeamPCP processes and artifacts. SentinelLabs believes the framework may have been developed by a former TeamPCP affiliate due to similarities with early TeamPCP campaigns from December 2025.
PCPJack exfiltrates stolen credentials including SSH keys, cloud service tokens, messenger app data, and API keys from providers such as OpenAI and Anthropic. Exfiltrated data is encrypted using X25519 ECDH with ChaCha20-Poly1305, split into chunks respecting Telegram's message limits, and sent to attacker-controlled Telegram channels. The worm propagates by scanning for exposed cloud services and exploiting known vulnerabilities including CVE-2025-29927 in Next.js, CVE-2025-55182 known as React2Shell, CVE-2026-1357 in WPVivid Backup, and CVE-2025-9501 in W3 Total Cache.
Once inside compromised environments, PCPJack performs lateral movement by harvesting SSH keys and credentials, enumerating Kubernetes clusters and Docker daemons, and establishing persistence through systemd services, cron jobs, or privileged containers. SentinelLabs also discovered a Sliver-based backdoor on attacker infrastructure with variants supporting multiple architectures. Recommended mitigations include enforcing multi-factor authentication, using IMDSv2 in AWS, ensuring proper authentication for Docker and Kubernetes services, and avoiding plaintext storage of secrets. The operation appears monetized through financial fraud, credential resale, or extortion.
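The persistence behaviour described above (hidden directories, bootstrap.sh, monitor.py, cron and systemd entries) suggests a simple host triage check. The following script is an added example from a responder's side, not code from the report or from PCPJack itself; the sample crontab, unit file and paths it scans are constructed for illustration.

```python
import re

# Constructed sample input (not from the SentinelLabs report): a crontab dump
# and a systemd unit as a responder might collect them from a suspect host.
SAMPLE_CRONTAB = """\
0 3 * * * /usr/bin/certbot renew --quiet
@reboot /bin/bash /var/tmp/.cache/bootstrap.sh
*/5 * * * * /usr/bin/python3 /opt/.sys/monitor.py
"""
SAMPLE_UNIT = """\
[Service]
ExecStart=/usr/bin/python3 /root/.config/.mon/monitor.py
Restart=always
"""

# A path component starting with "." (but not "." or ".."), i.e. a hidden directory.
HIDDEN_DIR = re.compile(r"(?:^|/)\.[^./\s][^/\s]*/")
# File names the report attributes to the framework; extend as indicators appear.
SUSPECT_NAMES = {"bootstrap.sh", "monitor.py"}

def assess_command(cmd: str) -> list:
    """Return the reasons a persistence command looks suspicious (empty if none)."""
    reasons = []
    if HIDDEN_DIR.search(cmd):
        reasons.append("runs from a hidden directory")
    for name in sorted({tok.rsplit("/", 1)[-1] for tok in cmd.split()} & SUSPECT_NAMES):
        reasons.append(f"references {name}")
    return reasons

def scan_crontab(text: str) -> list:
    """Yield (source, command, reasons) for suspicious crontab entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Drop the schedule: one "@reboot"-style token or five time fields.
        parts = line.split(None, 1 if line.startswith("@") else 5)
        if len(parts) < (2 if line.startswith("@") else 6):
            continue
        if reasons := assess_command(parts[-1]):
            findings.append(("crontab", parts[-1], reasons))
    return findings

def scan_systemd_unit(text: str, name: str = "unit") -> list:
    """Yield (source, command, reasons) for suspicious Exec* lines in a unit file."""
    findings = []
    for m in re.finditer(r"^Exec\w*=(.+)$", text, re.MULTILINE):
        if reasons := assess_command(m.group(1).strip()):
            findings.append((name, m.group(1).strip(), reasons))
    return findings
```

Run the two scanners over real `crontab -l` output and the unit files under /etc/systemd/system to get a list of entries worth a closer look; a hidden-directory hit alone is only a lead, not proof of compromise.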
