Malware | Apr 28, 2026

https://spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws[.]com/bootstrap.sh 🤔 "# System Performan...

Malicious bootstrap script distributed via AWS S3 deploys TeamPCP/PCPcat malware.

Summary

A malicious shell script hosted on a spoofed AWS S3 domain (spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws[.]com) was used to deliver TeamPCP (also known as PCPcat) malware. The script masquerades as a "System Performance Monitor Bootstrap" and was delivered via React2Shell exploitation. Security researchers are warning of the need to detect and remove the TeamPCP malware from affected systems.

Indicators of Compromise

  • domain — spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws[.]com
  • url — https://spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws[.]com/bootstrap.sh
  • malware — TeamPCP
  • malware — PCPcat

Entities

  • React2Shell (technology)
  • AWS S3 (technology)