PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments.

"The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting to spread to additional hosts," SentinelOne security researcher Alex Delamotte said in a report published today.

PCPJack is specifically designed to target cloud services like Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, allowing the operators to spread in a worm-like fashion, aswell as move laterally within the compromised networks.

It's assessed that the end goal of the cloud attack campaign is to generate illicit revenue for the threat actors through credential theft, fraud, spam, extortion, or resale of stolen access.

The What makes this activity notable is that it shares significant targeting overlaps with TeamPCP , a threat actor that rose to prominence late last year by exploiting known security vulnerabilities (e. g.

, React2Shell ) and misconfigurations in cloud services to enlist the endpoints in an ever-expanding network for conducting data theft and other post-exploitation actions. At the same time, PCPJack lacks a cryptocurrency mining component, unlike TeamPCP.

While it's not known why this obvious monetization strategy was not adopted, the similarities between the two clusters indicate that PCPJack could be the work of a former member of TeamPCP who is familiar with the group's tradecraft.

The starting point of the attack is a bootstrap shell script that's used to prepare the environment – such as configuring the payload host – and download next-stage tooling, while simultaneously taking steps to infect its own infrastructure, terminate and remove processes or artifacts that are associated with TeamPCP, install Python, establish persistence, download six Python scripts, launch the orchestration script, and remove itself.

The six Python payloads are as follows - Propagation targets for the orchestrator script come from parquet files that the worm pulls directly from Common Crawl, a non-profit that crawls the web and provides its archives and datasets to the public at no extra cost.

"When exfiltrating system information and credentials, the PCPJack operator even collects success metrics on whether TeamPCP has been evicted from targeted environments in a 'PCP replaced' field sent to the C2," Delamotte said.

This "implies a direct focus on the threat actor's activities rather than pure cloud attack opportunism." Further analysis of the threat actor's infrastructure has uncovered another shell script ("check. sh") that detects the CPU architecture and fetches the appropriate Sliver binary.

It also scans Instance Metadata Service (IMDS) endpoints, Kubernetes service accounts, and Docker instances for credentials associated with Anthropic, Digital Ocean, Discord, Google API, Grafana Cloud, HashiCorp Vault, OnePassword, and OpenAI, and transmits them to an external server.

"Overall, the two toolsets are well developed and indicate that the owner values making code as a modular framework, despite some redundancies in behavior," SentinelOne said. "This campaign does not [deploy miners], and it deliberately removes the miner functions associated with TeamPCP.

Despite that, this actor has well-defined scopes for extracting cryptocurrency credentials." Learn how to stop patient zero attacks before they bypass detection and compromise your systems at entry points. Learn how to validate real attack paths and reduce exploitable risk with continuous agentic security validation.