Cloud security teams are facing a new credential-theft campaign after researchers identified PCPJack, a worm-like malware framework built to compromise exposed container, database and cloud-native systems while stripping away traces of rival TeamPCP tooling.
The framework targets internet-facing Docker APIs, Kubernetes environments, Redis and MongoDB instances, Ray dashboards and vulnerable web applications. Its operators appear less interested in cryptomining, a familiar revenue stream in cloud intrusions, and more focused on harvesting credentials that can be used for fraud, spam operations, extortion or resale to other criminal groups.
PCPJack was identified after a Kubernetes-focused malware-hunting rule flagged a Linux shell script on 28 April 2026. The script stood out because its first actions were not only to prepare an infected host for further compromise, but also to remove processes, files, containers and persistence mechanisms associated with TeamPCP, a threat actor that gained prominence earlier this year through attacks on cloud and software supply-chain infrastructure.
That behaviour has raised questions about the operator’s relationship with TeamPCP. The malware may have been built by someone familiar with the group’s tactics, possibly a former affiliate or competitor seeking to take over compromised environments. No public evidence has established a direct link, but the framework’s explicit removal of TeamPCP artefacts suggests more than routine clean-up before infection.
PCPJack’s initial shell script creates a hidden working directory, checks the public IP address of the victim against a hardcoded exclusion list, installs Python 3.6 or later through available package managers, sets up a virtual environment and downloads further payloads. The modules rely on Python components including requests, cryptography and pyarrow, indicating a modular design suited to broad deployment across Linux-based cloud assets.
The toolset’s spread mechanism combines exposed service scanning, vulnerability exploitation and internal movement using harvested credentials. Once inside a network, it performs reconnaissance on the host and connected assets, then attempts to move laterally. A marker file prevents parts of the process from running repeatedly, a step that may reduce noisy traffic and lower the chance of detection by network monitoring tools.
One notable element is the use of parquet files for target discovery. Rather than relying only on indiscriminate scanning, PCPJack can use structured datasets to identify hosts that have already returned valid HTTP responses. That approach gives operators a quieter and more selective way to build target lists, while also allowing them to customise attacks against specific environments.
The credential-harvesting logic covers cloud platforms, container environments, developer tools, enterprise productivity software, financial services and messaging platforms. It looks for secrets that could unlock broader access, including tokens, keys, passwords and configuration data. The inclusion of services such as Slack and business database platforms increases the risk that a cloud breach could escalate into data theft, blackmail or business email abuse.
Some artefacts suggest inconsistent development practices. The framework’s credential-matching patterns reportedly include references to FTX, the crypto exchange that collapsed in 2022, which may indicate recycled code, outdated logic or automated code generation. That does not make the malware less dangerous, as its core functions remain aligned with high-value credential theft and cloud propagation.
TeamPCP’s earlier activity provides important context. The group drew attention through compromises affecting widely used security and developer tools, including vulnerability scanning and software delivery components embedded in automated pipelines. Those intrusions exposed how attackers can weaponise trusted infrastructure that often has privileged access to secrets, cloud tokens and deployment systems.
PCPJack reflects the same wider shift in cloud-focused crime. Attackers are moving beyond opportunistic cryptomining and towards operations that extract durable access, monetisable credentials and business-sensitive data. Misconfigured Docker sockets, exposed Kubernetes dashboards, unsecured Redis instances and vulnerable web services continue to provide entry points, especially where organisations lack asset discovery, network segmentation and proper secrets management.
Defenders are being urged to treat exposed cloud-native services as high-priority risks rather than routine misconfigurations. Practical measures include removing public access to administrative interfaces, enforcing multifactor authentication, rotating credentials after suspected exposure, restricting service-account permissions, monitoring for unexpected Python virtual environments and checking for suspicious hidden directories under system paths.
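A small host-side check for the last two measures, looking for dot-prefixed directories that contain a Python virtual environment under paths where one would not be expected; this is an added example, not part of the original report or any vendor tooling, and the root list and depth limit are assumptions to tune per host.

```python
import os
import tempfile
from pathlib import Path

# Paths where a hidden working directory is unexpected (assumption: adjust per host).
DEFAULT_ROOTS = ["/tmp", "/var/tmp", "/dev/shm", "/root", "/opt", "/usr/local"]
# Files whose presence marks a Python virtual environment.
VENV_MARKERS = ("pyvenv.cfg", "bin/activate")


def is_venv(path: Path) -> bool:
    """True if the directory looks like a Python virtual environment."""
    return any((path / marker).is_file() for marker in VENV_MARKERS)


def find_hidden_venvs(roots, max_depth=4):
    """Walk each root and return dot-prefixed directories that hold a venv.
    Symlinks are not followed and depth is bounded to keep the scan cheap."""
    findings = []
    for root in roots:
        base = Path(root)
        if not base.is_dir():
            continue
        for dirpath, dirnames, _ in os.walk(base, followlinks=False):
            depth = len(Path(dirpath).relative_to(base).parts)
            if depth >= max_depth:
                dirnames[:] = []  # prune: do not descend further
                continue
            for name in dirnames:
                candidate = Path(dirpath) / name
                if name.startswith(".") and is_venv(candidate):
                    findings.append(str(candidate))
    return sorted(findings)


def demo_tree():
    """Constructed sample tree: one hidden venv, one normal venv, one empty hidden dir."""
    base = Path(tempfile.mkdtemp(prefix="hidden-venv-demo-"))
    (base / ".x" / "bin").mkdir(parents=True)
    (base / ".x" / "pyvenv.cfg").write_text("home = /usr/bin\n")
    (base / "app-venv").mkdir()
    (base / "app-venv" / "pyvenv.cfg").write_text("home = /usr/bin\n")
    (base / ".cache").mkdir()
    return base


if __name__ == "__main__":
    for hit in find_hidden_venvs([demo_tree()] + DEFAULT_ROOTS):
        print("hidden venv:", hit)
```

Run it on a schedule or from an EDR script job and alert on any hit; a normal developer venv is rarely dot-prefixed and rarely lives under these roots.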