PCPJack: New Credential Theft Framework Targets Cloud Infrastructure, Evicts TeamPCP
Cybersecurity researchers have uncovered a new credential theft framework called **PCPJack** targeting exposed cloud infrastructure. The framework is designed to steal credentials and even evict artifacts linked to the **TeamPCP** group from compromised environments.

According to a report by **SentinelOne**, **PCPJack** targets cloud, container, developer, productivity, and financial services. It exfiltrates harvested data through attacker-controlled infrastructure and attempts to spread to additional hosts, while also removing traces of the **TeamPCP** group from the environments it compromises.

### PCPJack's Modus Operandi
**PCPJack** is designed to target services like Docker, Kubernetes, Redis, MongoDB, and RayML, as well as vulnerable web applications. This allows the threat actors to spread in a worm-like fashion and move laterally within compromised networks. The primary goal appears to be generating illicit revenue through credential theft, fraud, spam, extortion, or the resale of stolen access.
### Similarities and Differences with TeamPCP
This campaign shares significant targeting overlaps with **TeamPCP**, a group known for exploiting vulnerabilities like **React2Shell** and misconfigurations in cloud services for data theft and other post-exploitation activities. However, unlike **TeamPCP**, **PCPJack** lacks a cryptocurrency mining component. The similarities suggest that **PCPJack** could be the work of a former **TeamPCP** member familiar with the group's tactics.
### Attack Lifecycle
The attack begins with a bootstrap shell script that configures the environment, downloads next-stage tooling, and infects its own infrastructure. This script also terminates and removes processes or artifacts associated with **TeamPCP**, installs Python, establishes persistence, downloads six Python scripts, launches the orchestration script, and then removes itself.

### Python Payloads
The six Python payloads used by **PCPJack** are:
* **worm.py** (monitor.py): The main orchestrator that launches modules, conducts local credential theft, propagates the toolset by exploiting known flaws (**CVE-2025-55182**, **CVE-2025-29927**, **CVE-2026-1357**, **CVE-2025-9501**, and **CVE-2025-48703**), and uses Telegram for command-and-control (C2).
* **parser.py** (utils.py): Handles credential extraction to categorize stolen keys and secrets.
* **lateral.py** (_lat.py): Facilitates reconnaissance, harvests secrets, and enables lateral movement across SSH, Kubernetes, Docker, Redis, RayML, and MongoDB services.
* **crypto_util.py** (_cu.py): Encrypts credentials before exfiltration to the attacker's Telegram channel.
* **cloud_ranges.py** (_cr.py): Collects the IP address ranges assigned to **Amazon Web Services (AWS)**, **Google Cloud**, **Microsoft Azure**, **Cloudflare**, **CloudFront**, and **Fastly**, refreshing the data every 24 hours.
* **cloud_scan.py** (_csc.py): Runs cloud port scanning for external propagation via Docker, Kubernetes, MongoDB, RayML, or Redis services.
### Propagation and Data Exfiltration
The orchestrator script pulls propagation targets directly from Common Crawl. During data exfiltration, the **PCPJack** operator collects metrics on whether **TeamPCP** has been evicted from targeted environments, indicating a direct focus on disrupting **TeamPCP**'s activities.
### Additional Infrastructure Analysis
Further analysis revealed a shell script ("check.sh") that detects the CPU architecture and fetches the matching **Sliver** binary. It also scans Instance Metadata Service (IMDS) endpoints, Kubernetes service accounts, and Docker instances for credentials belonging to Anthropic, DigitalOcean, Discord, Google API, Grafana Cloud, HashiCorp Vault, 1Password, and OpenAI, and transmits any it finds to an external server.
### SentinelOne's Assessment
**SentinelOne** assesses that both toolsets are well-developed and modular, despite some redundancies. Although the campaign deliberately strips out the miner functions associated with **TeamPCP**, the actor still maintains clearly defined routines for extracting cryptocurrency credentials.