‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
PCPJack worm removes TeamPCP infections while stealing credentials from cloud environments.
Summary
A threat actor has deployed PCPJack, a modular malware framework active since late April that targets Linux systems to remove TeamPCP artifacts and establish persistence. The framework steals credentials, SSH keys, and tokens from AWS, Kubernetes, Docker, GitHub, Office 365, and other cloud services, then propagates via known CVEs and compromised credentials. SentinelOne attributes the campaign to a likely former TeamPCP operator with deep knowledge of the group's tooling.
Full text
A threat actor has launched a campaign to clean up environments infected by the infamous TeamPCP hacking group and deploy its own malicious tools, SentinelOne reports.

Active since late April, the campaign relies on a malware framework that targets credentials across multiple cloud environments and is capable of propagating itself. SentinelOne has named the framework PCPJack because of its focus on removing from infected systems any tools and artifacts associated with TeamPCP, the hacking group behind a recent flurry of supply chain attacks on multiple open source software ecosystems.

“Many of the services targeted by the PCPJack framework are similar to the early TeamPCP/PCPCat campaigns from December 2025, before the high-visibility campaigns of early 2026 brought significant attention to TeamPCP and purportedly led to changes in group membership. We believe this could be a former operator who is deeply familiar with the group’s tooling,” SentinelOne says.

A PCPJack infection, the cybersecurity company says, begins with a Linux shell script that sets up the environment and fetches additional payloads. The script first searches the system for processes and artifacts matching known TeamPCP infections and removes them. It then creates a Python virtual environment, downloads six modules from an AWS S3 bucket, renames them, establishes persistence, launches the first module, which serves as the main framework orchestrator, and finally deletes itself.

The remaining modules, which are imported by the orchestrator, are designed for specific purposes, including credential parsing, lateral movement, command-and-control (C&C) message encryption, cloud IP range lookups, and cloud scanning.
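The infection chain above gives a responder three concrete things to look for on a suspect host. The Python triage script below is an added example written for this page, not SentinelOne's analysis tooling or the malware's own code: it runs over data a responder would already have collected (process command lines, cron or systemd persistence entries, and the text of suspect module files) and flags a Python interpreter launched from a virtual environment in a scratch directory, a persistence entry that points at that interpreter, and a plaintext Telegram bot token or Bot API URL inside a module, the last because the report notes that Telegram credentials were left unencrypted. The scratch directory list, the token regex and all sample data are assumptions and constructed input, not indicators from the report. One caveat the cleanup step implies: the disappearance of known TeamPCP artifacts from a host is not evidence that the host was remediated.

```python
"""Triage checks for the PCPJack-style infection chain described above.

Added example; not SentinelOne's or the malware's code. Flags three
behaviours the article describes: a Python interpreter launched from a
virtual environment in a scratch directory, a persistence entry pointing at
that interpreter, and a plaintext Telegram bot token or Bot API URL in a
module. Scratch directories, the token regex and the sample data below are
assumptions and constructed input, not indicators from the report.
"""
import re
from dataclasses import dataclass

# Assumption: writable scratch locations where a dropper would build a venv.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# "<venv root>/bin/python[3.x]" as it appears in a cmdline, cron line or unit file.
VENV_PYTHON = re.compile(r"(?P<venv>/\S+?)/bin/python[0-9.]*\b")
# Assumption: a Telegram bot token is "<numeric bot id>:<35-char secret>".
TELEGRAM_TOKEN = re.compile(r"\d{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
TELEGRAM_API = re.compile(r"api\.telegram\.org/bot")


@dataclass(frozen=True)
class Finding:
    kind: str     # venv_process | persistence | telegram_c2
    detail: str


def venv_in_scratch(text):
    """Return the venv root if `text` runs a venv python from a scratch dir, else None."""
    m = VENV_PYTHON.search(text)
    if m and m.group("venv").startswith(SCRATCH_DIRS):
        return m.group("venv")
    return None


def triage(processes, persistence_lines, module_blobs):
    """processes: [(pid, cmdline)]; persistence_lines: [str];
    module_blobs: {path: file text}. Returns (findings, sorted venv roots)."""
    findings, venvs = [], set()
    for pid, cmdline in processes:
        venv = venv_in_scratch(cmdline)
        if venv:
            venvs.add(venv)
            findings.append(Finding("venv_process", f"pid {pid}: {cmdline}"))
    for line in persistence_lines:
        venv = venv_in_scratch(line)
        if venv:
            venvs.add(venv)
            findings.append(Finding("persistence", line.strip()))
    for path, blob in module_blobs.items():
        if TELEGRAM_TOKEN.search(blob) or TELEGRAM_API.search(blob):
            findings.append(Finding("telegram_c2", path))
    return findings, sorted(venvs)


# Constructed sample input (not real process or file data).
SAMPLE_TOKEN = "1234567890:" + "AAH" + "x" * 32
SAMPLE_PROCESSES = [
    (412, "/usr/sbin/sshd -D"),
    (2310, "/tmp/.cache/venv/bin/python3 /tmp/.cache/venv/lib/orch.py"),
    (2402, "/opt/app/.venv/bin/python3 /opt/app/manage.py runserver"),
]
SAMPLE_PERSISTENCE = [
    "0 * * * * root /usr/bin/certbot renew",
    "@reboot /tmp/.cache/venv/bin/python3 /tmp/.cache/venv/lib/orch.py",
    "ExecStart=/usr/bin/python3 /usr/lib/systemd/helper.py",
]
SAMPLE_MODULES = {
    "/tmp/.cache/venv/lib/c2.py":
        f'BOT = "{SAMPLE_TOKEN}"\nURL = "https://api.telegram.org/bot" + BOT\n',
    "/opt/app/config.py": "DEBUG = False\n",
}


def run_sample():
    return triage(SAMPLE_PROCESSES, SAMPLE_PERSISTENCE, SAMPLE_MODULES)


if __name__ == "__main__":
    findings, venvs = run_sample()
    for f in findings:
        print(f"[{f.kind}] {f.detail}")
    print("suspect venv roots:", venvs)
```

On a live host, feed `triage()` the output of `ps -eo pid,args`, the contents of `/etc/cron*`, user crontabs and `systemctl cat` for unfamiliar units, and the files under any venv root it reports. A process started as a bare `python3` will not match the venv pattern; resolve its interpreter through `/proc/<pid>/exe` first. Treat a venv under a scratch directory as a lead to pull, not as proof on its own.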
From the local system, PCPJack can steal .env and configuration files, environment variables, SSH keys, cryptocurrency wallets, and credentials and tokens for various web apps and cloud services, including AWS, Kubernetes, Docker, Gmail, GitHub, Office 365/Outlook, RayML, Slack, and WordPress.

“The types of credentials collected by the framework suggest PCPJack’s targeting motivations are primarily to conduct spam campaigns and financial fraud, or to simply monetize stolen credentials to actors with these focuses. The inclusion of enterprise productivity software like Slack and business database services expands the focus to extortion attacks,” SentinelOne says.

PCPJack performs system reconnaissance to identify assets the machine connects to, attempts lateral movement, and downloads Parquet files from Common Crawl to identify additional targets on the internet and attempt to infect them. The spreading module targets known vulnerabilities in web applications, including CVE-2025-29927 (Next.js), CVE-2025-55182 (React2Shell), CVE-2026-1357 (WPVivid Backup plugin for WordPress), CVE-2025-9501 (W3 Total Cache plugin for WordPress), and CVE-2025-48703 (CentOS Web Panel). PCPJack also attempts to use the extracted credentials to propagate across Kubernetes, Docker, Redis, RayML, and MongoDB deployments, and leverages stolen SSH keys to execute the initial script on remote machines.

The framework uses Telegram for C&C and encrypts the data sent to its channel.

During its investigation into the framework, SentinelOne identified a second toolset associated with the threat actor, which includes Sliver implants and credential theft across dozens of cloud services, including Anthropic, Digital Ocean, Discord, Google API, and others, as well as those targeted by PCPJack.

“Overall, the two toolsets are well developed and indicate that the owner values making code as a modular framework, despite some redundancies in behavior.
The occasional operational security lapses were interesting, particularly their choice to encrypt everything except for Telegram credentials and their own alleged infrastructure,” SentinelOne notes.

Written by Ionut Arghire, international correspondent for SecurityWeek.
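To gauge blast radius on a host where a stealer of this kind ran, a defender wants an inventory of exactly the credential stores the article lists. The script below is an added example for this page, not code from SentinelOne or from the malware: it walks a home directory and reports AWS, Kubernetes and Docker client credentials, secret-looking keys in .env files, secret-looking environment variable names, and SSH private keys, noting for each key whether it is passphrase-protected (PEM keys carry a `Proc-Type: 4,ENCRYPTED` header or an `ENCRYPTED PRIVATE KEY` banner; OpenSSH-format keys record a cipher name, which is `none` for an unprotected key). The file locations, the name pattern and the sample home directory it builds are assumptions and constructed test data, not indicators from the report.

```python
"""Inventory the credential stores a host-resident stealer could harvest.

Added example for this page; not SentinelOne's or the malware's code.
Given a home directory and an environment mapping, it reports the stores
the article lists (AWS, Kubernetes, Docker, .env files, SSH keys) and
secret-looking environment variable names, and says for each SSH private
key whether it is passphrase-protected. Locations and patterns are
assumptions; build_sample_home() creates constructed placeholder data.
"""
import base64
import os
import re
import struct
import tempfile
from pathlib import Path

# Assumption: names that usually hold secrets (will also catch e.g. KEYBOARD).
SECRET_NAME = re.compile(r"KEY|SECRET|TOKEN|PASS|CREDENTIAL", re.I)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def ssh_key_protected(text):
    """Return (is_private_key, is_encrypted) for the content of a key file."""
    if "PRIVATE KEY" not in text:
        return False, False
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        # openssh-key-v1 layout: magic, then a length-prefixed cipher name;
        # an unprotected key records the cipher "none".
        body = "".join(line for line in text.splitlines() if not line.startswith("-----"))
        raw = base64.b64decode(body)
        if not raw.startswith(OPENSSH_MAGIC):
            return True, False          # malformed: assume unprotected
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", raw[off:off + 4])
        return True, raw[off + 4:off + 4 + n] != b"none"
    # PEM: "Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY".
    return True, "ENCRYPTED" in text


def inventory(home, env):
    """Walk `home` and `env`; return {store: [hits]} for what a stealer would find."""
    home = Path(home)
    found = {"aws": [], "kube": [], "docker": [], "dotenv": [], "ssh_keys": [], "env_vars": []}
    for name in ("credentials", "config"):
        p = home / ".aws" / name
        if p.is_file() and "aws_access_key_id" in p.read_text(errors="ignore").lower():
            found["aws"].append(str(p))
    p = home / ".kube" / "config"
    if p.is_file():
        found["kube"].append(str(p))
    p = home / ".docker" / "config.json"
    if p.is_file() and '"auths"' in p.read_text(errors="ignore"):
        found["docker"].append(str(p))
    for p in home.rglob(".env*"):
        if not p.is_file():
            continue
        keys = [line.split("=", 1)[0].strip()
                for line in p.read_text(errors="ignore").splitlines()
                if "=" in line and not line.lstrip().startswith("#")]
        secret_keys = [k for k in keys if SECRET_NAME.search(k)]
        if secret_keys:
            found["dotenv"].append((str(p), secret_keys))
    ssh = home / ".ssh"
    if ssh.is_dir():
        for p in sorted(ssh.iterdir()):
            if p.is_file():
                is_key, enc = ssh_key_protected(p.read_text(errors="ignore"))
                if is_key:
                    found["ssh_keys"].append((str(p), "encrypted" if enc else "UNPROTECTED"))
    found["env_vars"] = sorted(k for k in env if SECRET_NAME.search(k))
    return found


def build_sample_home():
    """Constructed sample tree with placeholder values (not real credentials)."""
    home = Path(tempfile.mkdtemp(prefix="stealer-demo-"))

    def write(rel, text):
        p = home / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)

    write(".aws/credentials", "[default]\naws_access_key_id = EXAMPLE\naws_secret_access_key = example\n")
    write(".kube/config", "apiVersion: v1\nkind: Config\nclusters: []\n")
    write(".docker/config.json", '{"auths": {"ghcr.io": {"auth": "ZXhhbXBsZQ=="}}}\n')
    write("app/.env", "DB_HOST=localhost\nDB_PASSWORD=example\nGITHUB_TOKEN=example\n")
    write(".ssh/id_rsa", "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                         "DEK-Info: AES-128-CBC,00\n\nQUFBQQ==\n-----END RSA PRIVATE KEY-----\n")
    # Header-only openssh-key-v1 blob: cipher "none", kdf "none" (unprotected).
    hdr = OPENSSH_MAGIC + struct.pack(">I", 4) + b"none" + struct.pack(">I", 4) + b"none"
    write(".ssh/id_ed25519", "-----BEGIN OPENSSH PRIVATE KEY-----\n"
                             + base64.b64encode(hdr).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")
    write(".ssh/id_ed25519.pub", "ssh-ed25519 AAAA example\n")
    return home


if __name__ == "__main__":
    demo = build_sample_home()
    for kind, items in inventory(demo, dict(os.environ)).items():
        print(f"{kind}: {items}")
```

Against a real account, call `inventory(Path.home(), dict(os.environ))` as the user whose host is under review. Anything it lists was reachable to a process running as that user, so unprotected SSH keys, long-lived cloud keys and tokens in .env files are the first things to rotate, and the remote hosts those keys reach are the next places to look.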
Indicators of Compromise
- malware — PCPJack
- malware — TeamPCP/PCPCat
- cve — CVE-2025-29927
- cve — CVE-2025-55182
- cve — CVE-2026-1357
- cve — CVE-2025-9501
- cve — CVE-2025-48703
- malware — Sliver