Infrastructure
PCPJack; Cloud Worm; Credential Theft; TeamPCP Rivalry; Docker; Kubernetes; Redis; Next.js; WordPress
Source Material: SentinelLabs | Technology: Docker, Kubernetes, Redis, MongoDB, RayML, Next.js, React, WordPress, CentOS Web Panel | Targeted Industries: Opportunistic / Broadly Targeted
Executive Summary
In early May 2026, security researchers identified a novel credential-stealing framework dubbed “PCPJack”. Operating as a cloud worm, PCPJack actively targets exposed cloud services and vulnerable web applications to harvest sensitive credentials, API keys, and cryptocurrency wallets.
Notably, PCPJack exhibits predatory behavior toward the infrastructure of “TeamPCP,” a prominent threat actor known for recent high-profile supply chain compromises. Upon infection, PCPJack aggressively roots out and removes TeamPCP artifacts, deploying its own tools to hijack the environment.
Unlike typical cloud-based malware, PCPJack does not deploy cryptominers. Instead, the framework focuses exclusively on stealing credentials for cloud platforms, financial services, and enterprise productivity tools to enable fraud, extortion, or the resale of access. Organizations utilizing the targeted cloud and web services, including Docker, Kubernetes, Redis, MongoDB, RayML, Next.js, React, WordPress, CentOS Web Panel, must immediately review their exposure and rotate potentially compromised credentials.
Threat Overview and Strategic Impact
PCPJack operates through a modular architecture primarily consisting of Python scripts and Sliver C2 beacons. The initial infection typically relies on exploiting one of five known vulnerabilities in ubiquitous web technologies: React/Next.js (CVE-2025-55182, CVE-2025-29927), WordPress plugins (CVE-2026-1357, CVE-2025-9501), and CentOS Web Panel (CVE-2025-48703).
To find targets for external propagation, PCPJack downloads Common Crawl index files in Parquet format (Common Crawl is an openly available web-crawl dataset) and filters them for hosts that returned valid HTTP responses to the crawler. This yields a pre-validated target list and greatly reduces the scanning noise that would otherwise expose the worm. Once initial access is achieved, a bootstrap script (bootstrap.sh) prepares the environment by deliberately terminating processes and removing artifacts associated with the rival TeamPCP group.
The framework then launches its main orchestrator, monitor.py, which systematically extracts secrets from .env files, SSH configurations, the AWS instance metadata service (IMDS), Kubernetes service account tokens, Docker secrets, and local cryptocurrency wallets. A credential parsing module categorizes the stolen data by service, covering AWS, Google API, Slack, Binance, and Stripe among others, and encrypts it with ChaCha20-Poly1305 before exfiltrating the payload to an attacker-controlled Telegram channel.
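The provider-keyed categorization described above works just as well as a defensive control: sweep the same files for cleartext secrets before the worm does. The following is an added example written for this advisory, not PCPJack's parsing module or any Deepwatch tooling. The key-format regexes reflect the documented prefixes of those providers' key types (AKIA/ASIA for AWS access key IDs, xox* for Slack, sk_live/sk_test for Stripe, AIza for Google API keys); the generic KEY=VALUE heuristic is an assumption, and the sample .env content is constructed.

```python
"""Scan text or a directory tree for cleartext credentials, categorized by provider.

Added example for this advisory, not PCPJack code: a defensive sweep of the
same kinds of files (.env, rc files, config) the orchestrator harvests.
"""
import re
from dataclasses import dataclass
from pathlib import Path

# Provider -> regex on the documented key-format prefixes. Anything else that
# is a KEY=VALUE assignment with a secret-looking name and a long value is
# reported as a generic secret (heuristic, assumption of this example).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
    "stripe_secret": re.compile(r"\bsk_(live|test)_[0-9A-Za-z]{16,}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
ASSIGNMENT = re.compile(r"""^\s*(?:export\s+)?([A-Z0-9_]+)\s*=\s*["']?([^"'\s#]+)""")
SECRET_NAME = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_KEY|PRIVATE)", re.I)


@dataclass
class Finding:
    path: str
    line_no: int
    category: str
    masked: str  # never log the full value; the report itself must not leak it


def mask(value: str) -> str:
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "*" * len(value)


def scan_text(text: str, path: str = "<memory>") -> list:
    """Return one Finding per credential-looking token, in line order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        matched = False
        for category, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append(Finding(path, n, category, mask(m.group(0))))
                matched = True
        if matched:
            continue  # a provider pattern already explains this line
        m = ASSIGNMENT.match(line)
        if m and SECRET_NAME.search(m.group(1)) and len(m.group(2)) >= 12:
            findings.append(Finding(path, n, "generic_secret_assignment", mask(m.group(2))))
    return findings


def scan_tree(root: str, names=(".env", ".env.local", "config", "credentials")) -> list:
    """Walk a directory and scan files with the names the worm targets."""
    out = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name in names:
            try:
                out.extend(scan_text(p.read_text(errors="replace"), str(p)))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
    return out


# Constructed sample .env for this example; these are documentation/placeholder
# values, not real credentials.
SAMPLE_ENV = "\n".join([
    "# constructed sample .env",
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "SLACK_BOT_TOKEN=xoxb-123456789012-abcdefghijkl",
    "STRIPE_SECRET=sk_live_4eC39HqLyjWDarjtT1zdp7dc",
    "GOOGLE_API_KEY=AIzaSyA0123456789abcdefghijklmnopqrstuv",
    "DEBUG=true",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_ENV, ".env"):
        print(f"{f.path}:{f.line_no} {f.category} {f.masked}")
```

Run `scan_tree("/var/www")` (or the home directories of service accounts) on a host before it is exposed; any hit is a credential to move into a vault and rotate, since the orchestrator reads exactly these files.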
For lateral movement, PCPJack scans internal networks for exposed instances of Docker, Kubernetes, Redis, RayML, and MongoDB. It employs techniques such as Redis cron rewrites (abusing an unauthenticated Redis instance to write its dump file into a cron directory), Docker socket abuse, and Kubernetes API enumeration to spread internally and establish persistence. A secondary toolset also drops a customized Sliver C2 beacon compiled with garble obfuscation to support deeper network intrusion and SSH password spraying.
PCPJack’s autonomous worming capabilities and broad service targeting present a high, immediate risk to exposed cloud environments. By taking over TeamPCP’s existing footprint rather than building their own, the PCPJack operators, likely former TeamPCP members or rivals intimately familiar with its tooling, are running an efficient credential harvesting campaign.
Security Hardening and Recommendations
- Enforce Secret Management: Never store credentials, API keys, or tokens in cleartext within .env files, source code, or unencrypted local directories. Utilize enterprise-grade secret management vaults.
- Secure Cloud Metadata: Enforce IMDSv2 (HttpTokens=required) on all EC2 instances so that instance role credentials cannot be retrieved with a plain GET via SSRF or by a local process; where containers do not need metadata, also keep the PUT response hop limit at 1 so containers on a bridge network cannot complete the IMDSv2 token handshake.
- Patch Web Applications: Immediately apply security updates for Next.js, React, WordPress (WPVivid Backup, W3 Total Cache), and CentOS Web Panel to remediate the specific CVEs targeted by PCPJack for initial access.
- Restrict Management Interfaces: Bind Docker, Redis, MongoDB, RayML, and the Kubernetes API to loopback or a dedicated management network, require authentication (Redis requirepass or ACLs, MongoDB authentication, Kubernetes RBAC), and never expose these management ports to the public internet.
- Implement Network Controls: Monitor and restrict outbound traffic to unexpected Telegram API endpoints and unauthorized S3 storage resources to disrupt C2 communication and payload staging.
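IMDSv2 enforcement is a per-instance setting, so the practical first step is an audit. The following is an added example for this advisory, not AWS or Deepwatch tooling: it walks the MetadataOptions block that `aws ec2 describe-instances` (and boto3's `describe_instances()`) returns and reports instances where IMDSv1 is still accepted, or where the PUT response hop limit would let a container on a bridge network complete the IMDSv2 handshake. The response embedded below is constructed; the instance IDs are placeholders.

```python
"""Audit EC2 MetadataOptions for IMDSv2 enforcement.

Added example for this advisory, not AWS tooling. Input is the dict shape of
`aws ec2 describe-instances` / boto3 describe_instances(); SAMPLE_RESPONSE is
constructed.
"""
from dataclasses import dataclass


@dataclass
class ImdsFinding:
    instance_id: str
    issue: str
    fix: str  # the CLI command that remediates this finding


def audit_metadata_options(response: dict) -> list:
    """Return one ImdsFinding per weak metadata setting."""
    findings = []
    for reservation in response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            mo = inst.get("MetadataOptions", {})
            if mo.get("HttpEndpoint") == "disabled":
                continue  # IMDS is off entirely; nothing to harvest here
            if mo.get("HttpTokens") != "required":
                # IMDSv1: a single GET to 169.254.169.254 returns role credentials,
                # which is what an SSRF or a harvester on the host relies on.
                findings.append(ImdsFinding(
                    iid, "IMDSv1 allowed (HttpTokens is not 'required')",
                    f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
                    f"--http-tokens required --http-endpoint enabled"))
            hops = int(mo.get("HttpPutResponseHopLimit", 1))
            if hops > 1:
                # With IMDSv2 the token PUT response has this TTL; at 1 it cannot
                # cross the bridge into a container's network namespace.
                findings.append(ImdsFinding(
                    iid, f"PUT response hop limit {hops} lets bridged containers obtain IMDSv2 tokens",
                    f"aws ec2 modify-instance-metadata-options --instance-id {iid} "
                    f"--http-put-response-hop-limit 1"))
    return findings


def instances_to_fix(response: dict) -> list:
    """Deduplicated, sorted instance IDs that need remediation."""
    return sorted({f.instance_id for f in audit_metadata_options(response)})


# Constructed sample in the shape of `aws ec2 describe-instances`.
SAMPLE_RESPONSE = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0example1",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 2}},
            {"InstanceId": "i-0example2",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0example3",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 1}},
        ]},
    ]
}

if __name__ == "__main__":
    for f in audit_metadata_options(SAMPLE_RESPONSE):
        print(f"{f.instance_id}: {f.issue}\n    {f.fix}")
```

Feed it `json.load` of the CLI output or the dict boto3 returns; the same change can be applied programmatically with boto3's `modify_instance_metadata_options(InstanceId=..., HttpTokens="required")`. Note that the hop limit only matters once tokens are required: an IMDSv1 GET has no hop-limited PUT response to block.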
Detection Strategy
Security analysts should focus on detecting the initial staging scripts, anomalous lateral movement toward internal management ports, and the distinct exfiltration pattern. Specifically, look for Python 3 interpreters launched from a virtual environment under the hidden /var/lib/.spm/ directory and for crontab modifications that execute scripts named monitor.py or bootstrap.sh. Network monitoring should flag unexpected outbound connections to the known attacker S3 bucket, typosquatted C2 domains, or the Telegram API endpoints used for command and control and exfiltration.
How Deepwatch Protects Our Customers
Deepwatch Adversary Tactics & Intelligence (ATI) is actively monitoring the threat landscape and parsing intelligence relating to PCPJack IOCs and TTPs. The Security Operations Center (SOC) continuously evaluates telemetry for anomalous container activity, unexpected credential access, and interactions with known malicious infrastructure. Deepwatch Threat Hunters are regularly conducting threat hunts in customer environments to seek out malicious activity.
Relevant Detections
Please visit Security Center to access the relevant detections for this activity.
Threat Hunting Leads
- Investigate Linux endpoints for the creation of the hidden working directory /var/lib/.spm/ or the presence of files named lateral_done and harvest.jsonl.
- Hunt for scripted process-kill and rm commands whose arguments contain the strings TeamPCP, PCPcat, or BORING_SYSTEM; these correspond to the bootstrap script removing the rival group’s processes and artifacts.
- Review network logs for unexpected inbound HTTP requests whose MIME multipart boundary contains the string WebKitFormBoundaryx8jO2oVc6SWP3Sad, which is used in the Next.js exploit chain.
- Monitor for unauthorized Docker socket (/var/run/docker.sock) bindings or Kubernetes service account token access originating from unprivileged pods.
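The detection strategy above and the hunting leads name concrete, host-level indicators: the /var/lib/.spm/ working directory, cron entries for monitor.py and bootstrap.sh, cleanup commands carrying TeamPCP, PCPcat or BORING_SYSTEM, the lateral_done and harvest.jsonl artifacts, Docker socket access from inside a container, inbound requests carrying the WebKitFormBoundaryx8jO2oVc6SWP3Sad boundary, and outbound Telegram API traffic. The following is an added example for this page, not a Deepwatch detection or Security Center content: it runs those indicators as rules over normalized telemetry. The record format (dicts with a "type" field) and every sample record are constructed; map your own EDR, auditd and proxy fields onto it.

```python
"""Hunt rules for the PCPJack indicators in this advisory, over normalized telemetry.

Added example, not Deepwatch detection content. Record format and samples are
constructed; indicator strings are the ones named in the advisory text.
"""
import re
import shlex

STAGING_DIR = "/var/lib/.spm/"
ARTIFACT_NAMES = {"lateral_done", "harvest.jsonl"}
CRON_SCRIPTS = ("monitor.py", "bootstrap.sh")
RIVAL_STRINGS = ("TeamPCP", "PCPcat", "BORING_SYSTEM")
CLEANUP_BINS = {"rm", "pkill", "kill", "killall"}
TELEGRAM_HOST = re.compile(r"(^|\.)api\.telegram\.org$")
NEXTJS_BOUNDARY = "WebKitFormBoundaryx8jO2oVc6SWP3Sad"  # matched as a substring on purpose


def rule_exec(r: dict) -> list:
    hits = []
    cmd = r.get("cmdline", "")
    try:
        argv = shlex.split(cmd)
    except ValueError:
        argv = cmd.split()  # unbalanced quotes in a command line: still inspect it
    exe = r.get("exe") or (argv[0] if argv else "")
    if STAGING_DIR in exe or STAGING_DIR in cmd:
        hits.append("pcpjack_staging_exec")
    if exe.rsplit("/", 1)[-1] in CLEANUP_BINS and any(
            s in arg for arg in argv[1:] for s in RIVAL_STRINGS):
        hits.append("teampcp_cleanup")  # bootstrap.sh evicting the rival
    if "/var/run/docker.sock" in cmd and r.get("container_id"):
        hits.append("docker_socket_from_container")
    return hits


def rule_cron(r: dict) -> list:
    entry = r.get("entry", "")
    return ["pcpjack_cron_persistence"] if any(s in entry for s in CRON_SCRIPTS) else []


def rule_file(r: dict) -> list:
    path = r.get("path", "")
    if path.startswith(STAGING_DIR) or path.rsplit("/", 1)[-1] in ARTIFACT_NAMES:
        return ["pcpjack_artifact"]
    return []


def rule_net(r: dict) -> list:
    hits = []
    if r.get("direction") == "outbound" and TELEGRAM_HOST.search(r.get("dst_host", "")):
        hits.append("telegram_c2_or_exfil")
    if r.get("direction") == "inbound" and NEXTJS_BOUNDARY in r.get("content_type", ""):
        hits.append("nextjs_exploit_boundary")
    return hits


RULES = {"exec": rule_exec, "cron": rule_cron, "file": rule_file, "net": rule_net}


def hunt(records: list) -> list:
    """Return (record, [matched rule names]) for every record that matched."""
    out = []
    for r in records:
        hits = RULES.get(r.get("type"), lambda _: [])(r)
        if hits:
            out.append((r, hits))
    return out


# Constructed telemetry for this example (one web host, one containerized process).
SAMPLE_RECORDS = [
    {"type": "exec", "host": "web-1", "exe": "/var/lib/.spm/venv/bin/python3",
     "cmdline": "/var/lib/.spm/venv/bin/python3 /var/lib/.spm/monitor.py"},
    {"type": "exec", "host": "web-1", "exe": "/usr/bin/pkill", "cmdline": "pkill -f TeamPCP"},
    {"type": "exec", "host": "web-1", "exe": "/bin/rm", "cmdline": "rm -rf /tmp/.BORING_SYSTEM"},
    {"type": "exec", "host": "web-1", "exe": "/usr/bin/ls", "cmdline": "ls -la /var/www"},
    {"type": "cron", "host": "web-1",
     "entry": "*/5 * * * * /var/lib/.spm/venv/bin/python3 /var/lib/.spm/monitor.py"},
    {"type": "file", "host": "web-1", "path": "/var/lib/.spm/harvest.jsonl"},
    {"type": "file", "host": "web-1", "path": "/var/log/nginx/access.log"},
    {"type": "net", "host": "web-1", "direction": "outbound", "dst_host": "api.telegram.org", "dst_port": 443},
    {"type": "net", "host": "web-1", "direction": "inbound", "dst_port": 3000,
     "content_type": "multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad"},
    {"type": "exec", "host": "web-1", "container_id": "3f2a1c", "exe": "/usr/bin/curl",
     "cmdline": "curl --unix-socket /var/run/docker.sock http://localhost/containers/json"},
]

if __name__ == "__main__":
    for rec, names in hunt(SAMPLE_RECORDS):
        print(rec.get("host"), rec["type"], names)
```

Matching the boundary as a substring avoids depending on how many leading dashes survived in whichever report you copied it from. The Telegram rule will also fire on legitimate bots, so scope it to server segments where no such integration is expected.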
Technical Artifacts
Please visit Security Center to access the associated technical artifacts.
Threat Object Mapping
Intrusion Set:
- PCPJack Operator (Assessed as a potential TeamPCP rival or former member)
Attack Pattern (MITRE ATT&CK):
| Tactic | Technique | Technique ID | Associated Threat Activity |
|---|---|---|---|
| Initial Access | Exploit Public-Facing Application | T1190 | Exploitation of CVEs in Next.js, WordPress, and CentOS Web Panel for initial access. |
| Execution | Command and Scripting Interpreter: Python | T1059.006 | Orchestrator and lateral movement tools are written in Python and executed locally. |
| Defense Evasion | Indicator Removal: File Deletion | T1070.004 | Actively searches for and deletes files and processes associated with rival TeamPCP malware. |
| Credential Access | Unsecured Credentials: Credentials in Files | T1552.001 | Harvesting keys, tokens, and wallets from .env, .ssh/config, and wallet.dat files. |
| Lateral Movement | Exploitation of Remote Services | T1210 | Utilizing exposed Docker, Kubernetes, and Redis instances to propagate internally. |
| Exfiltration | Exfiltration Over Alternative Protocol | T1048 | Exfiltrating encrypted data through the Telegram API. |
Vulnerabilities:
- CVE-2025-55182 (React / Next.js Server Actions deserialization)
- CVE-2025-29927 (Next.js Middleware auth bypass)
- CVE-2026-1357 (WPVivid Backup null-key file upload)
- CVE-2025-9501 (W3 Total Cache PHP injection)
- CVE-2025-48703 (CentOS Web Panel shell injection)
Malware/Tool:
- PCPJack Framework (bootstrap.sh, monitor.py, etc.)
- Sliver C2 (update.bin beacons)
Additional Sources
- Dark Reading: After Replacing TeamPCP Malware, ‘PCPJack’ Steals Cloud Secrets
- The Hacker News: PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems