SentinelLABS has uncovered PCPJack, a sophisticated credential-theft framework that actively worms across exposed cloud infrastructure while simultaneously evicting a rival threat actor's tooling. First identified on April 28, 2026, PCPJack represents a significant evolution in cloud-focused malware — abandoning the ubiquitous cryptominer payload in favor of large-scale credential harvesting targeting financial services, enterprise productivity platforms, and developer infrastructure.

What Is PCPJack and Why Does It Matter?

PCPJack is a multi-stage attack framework designed to propagate across misconfigured and exposed cloud services, collect credentials from a wide range of platforms, and exfiltrate the stolen data to attacker-controlled infrastructure. What makes PCPJack particularly notable is its dual mission: it does not simply infect new systems — it also actively removes artifacts and processes associated with TeamPCP, a known threat actor group responsible for several high-profile supply chain intrusions in early 2026.

The eviction behavior led SentinelLABS to name the toolset "PCPJack," reflecting its apparent goal of hijacking infrastructure previously compromised by TeamPCP. The attacker even tracks a "PCP replaced" success metric in data exfiltrated to the command-and-control (C2) server, treating rival eviction as a measurable operational objective.

TeamPCP: The Rival Being Displaced

Understanding PCPJack requires context on the threat actor it targets. TeamPCP gained notoriety in early 2026 after compromising Aqua Security's Trivy vulnerability scanner — a widely trusted open-source tool — enabling downstream attacks including the breach of LiteLLM, a popular library for routing requests across major large language model providers. TeamPCP later announced a partnership with the VECT ransomware group to monetize stolen cloud environment data, elevating their threat profile significantly.

The services targeted by PCPJack closely mirror TeamPCP's early campaigns from December 2025, before high-visibility incidents brought intense scrutiny to the group and reportedly triggered changes in membership. SentinelLABS assesses that PCPJack may be the work of a former TeamPCP operator with deep familiarity with the group's tooling and victim pool.

Attack Surface: What PCPJack Targets

PCPJack is built to exploit exposed and misconfigured cloud services at scale. Its scanner and propagation modules target a broad range of infrastructure:

  • Container orchestration: Docker and Kubernetes
  • Data stores: Redis and MongoDB
  • Machine learning infrastructure: RayML
  • Vulnerable web applications accessible over the internet

The framework supports both external propagation — spreading from one victim environment to others — and lateral movement within a compromised network, making it capable of achieving broad reach from a single initial foothold.

The Infection Chain: From bootstrap.sh to Full Compromise

The infection begins with bootstrap.sh, a Linux shell script that prepares the environment and fetches additional payloads from an attacker-controlled Amazon S3 bucket (hxxps://spm-cdn-assets-dist-2026[.]s3[.]us-east-2[.]amazonaws[.]com). The use of legitimate cloud storage infrastructure helps blend malicious traffic with normal AWS activity.

After establishing the working directory at /var/lib/.spm/, bootstrap.sh performs a public IP check against an operator-maintained blocklist — a tradecraft measure to prevent the attacker from accidentally infecting their own infrastructure. It then scans for and removes any TeamPCP-associated processes, services, file paths, and containers before installing Python 3.6+ and downloading six purpose-built modules.

The PCPJack Module Breakdown

Each downloaded module is renamed on disk to obscure its purpose:

  • monitor.py (worm.py) — Main orchestrator controlling all other modules
  • utils.py (parser.py) — Credential parsing engine
  • _lat.py (lateral.py) — Lateral movement within victim networks
  • _cu.py (crypto_util.py) — Encrypts data before exfiltration
  • _cr.py (cloud_ranges.py) — Cloud IP CIDR range database for targeting
  • _csc.py (cloud_scan.py) — Cloud port scanner for identifying new targets

Persistence is established differently depending on privilege level. If run as root, PCPJack installs a systemd service (sys-monitor.service). Without root, it falls back to two crontab entries — one polling every five minutes to verify the orchestrator is running, and a second to restart it if not. The bootstrap script then self-deletes to minimize forensic traces.

Runtime Dependency Injection

A technically notable design choice in the orchestrator is its approach to module dependencies. Rather than allowing each module to manage its own imports, monitor.py injects shared references at runtime, ensuring all components operate with the same credential handles and movement objects without hardcoding inter-module imports. This architecture reduces coupling between modules and makes it easier for the operator to update individual components independently.

Credential Theft: The Real Payload

Unlike the vast majority of cloud-targeting malware, PCPJack does not deploy a cryptominer. This is a deliberate strategic choice. The credential categories it harvests point to specific monetization paths:

  • Financial services credentials — enabling direct fraud
  • Messaging platform credentials — enabling spam campaigns at scale
  • Enterprise productivity tools (including Slack) — enabling extortion through access to internal communications
  • Developer and cloud service credentials — enabling resale to other threat actors or further infrastructure abuse

The inclusion of business database services alongside productivity platforms suggests PCPJack's operators have intentionally broadened their targeting beyond quick financial gains, positioning the framework for higher-value extortion scenarios.

Threat Intelligence Implications

The PCPJack framework raises several important questions for the cloud security community. The deliberate displacement of TeamPCP suggests an adversarial relationship — possibly a former insider, a competing criminal group, or a researcher-turned-criminal who identified TeamPCP's victim pool as a ready-made target list. The "PCP replaced" telemetry field transmitted to the C2 is particularly telling: it reveals an operator who measures success not only in new infections, but in the removal of a competitor.

PCPJack's operator collects success metrics on whether TeamPCP has been evicted from targeted environments — tracking rival displacement as a measurable business objective.

The absence of cryptomining also signals a broader shift in cloud threat actor motivations. As cloud credential markets mature and ransomware groups increasingly offer monetization partnerships (as seen with TeamPCP and VECT), purely credential-focused frameworks become more economically rational than resource-intensive mining operations.

Defensive Recommendations

Organizations running exposed cloud workloads should treat PCPJack as an active threat requiring immediate attention:

  • Audit exposed services: Kubernetes API servers, Docker daemon sockets, Redis instances, and MongoDB databases should never be publicly accessible without authentication.
  • Rotate cloud credentials proactively: Any organization that has run misconfigured infrastructure in 2025–2026 should assume credential exposure and rotate secrets accordingly.
  • Monitor for lateral movement indicators: Look for unexpected processes under /var/lib/.spm/, new systemd services named sys-monitor.service, and anomalous crontab entries.
  • Inspect outbound traffic to S3 buckets: Exfiltration over legitimate AWS infrastructure is a growing evasion technique — allowlisting known-good buckets and alerting on unknown ones is increasingly important.
  • Apply runtime container security controls: Tools that detect unexpected process execution, file writes, and network connections inside containers can catch PCPJack's activity before exfiltration occurs.
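As an added, defender-side example (not SentinelLABS code and not part of the original report), the Python script below turns the indicators above into a triage check. It inspects a filesystem root for the persistence artifacts described in the infection chain and the monitoring recommendation (the /var/lib/.spm/ working directory, a sys-monitor.service unit, and crontab lines referencing the working directory), and it runs an S3 bucket allowlist over egress-log lines to flag requests to buckets that are not known-good, covering the S3 staging bucket and the outbound-traffic recommendation. The key=value log format, the field names, the allowlist, the throwaway directory layout and the crontab contents are constructed for the example; the only real indicators are the paths, the service name and the bucket hostname taken from the report.

```python
"""Triage for PCPJack host artifacts and S3 egress (added example, not report code)."""
import os
import re
import shutil
import tempfile

# Indicators from the report; the directory is checked relative to the root you pass in.
SPM_DIR = "var/lib/.spm"                       # /var/lib/.spm/
SERVICE_NAME = "sys-monitor.service"           # root-level persistence unit
UNIT_DIRS = ("etc/systemd/system", "usr/lib/systemd/system", "lib/systemd/system")
CRON_PATHS = ("etc/crontab", "var/spool/cron/crontabs")   # system crontab + per-user spool

# Virtual-hosted style S3 hostnames: <bucket>.s3.<region>.amazonaws.com or <bucket>.s3.amazonaws.com
VHOST_RE = re.compile(r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")
# Path style: s3.<region>.amazonaws.com/<bucket>/<key>
PATH_RE = re.compile(r"^s3(?:[.-][a-z0-9-]+)?\.amazonaws\.com$")


def _iter_crontabs(root):
    """Yield every crontab file under the configured locations."""
    for p in CRON_PATHS:
        full = os.path.join(root, p)
        if os.path.isfile(full):
            yield full
        elif os.path.isdir(full):
            for name in sorted(os.listdir(full)):
                yield os.path.join(full, name)


def check_host(root):
    """Return finding strings for the PCPJack persistence artifacts found under ``root``."""
    findings = []
    if os.path.isdir(os.path.join(root, SPM_DIR)):
        findings.append(f"working directory present: /{SPM_DIR}/")
    for d in UNIT_DIRS:
        if os.path.exists(os.path.join(root, d, SERVICE_NAME)):
            findings.append(f"systemd unit present: /{d}/{SERVICE_NAME}")
    for crontab in _iter_crontabs(root):
        rel = "/" + os.path.relpath(crontab, root)
        with open(crontab, encoding="utf-8", errors="replace") as fh:
            for n, line in enumerate(fh, 1):
                s = line.strip()
                if s and not s.startswith("#") and "/.spm/" in s:
                    findings.append(f"crontab {rel} line {n} references /.spm/: {s}")
    return findings


def s3_bucket(host, path):
    """Return the bucket name behind an S3 request, or None if the host is not S3."""
    m = VHOST_RE.match(host)
    if m:
        return m.group("bucket")
    if PATH_RE.match(host):
        return path.lstrip("/").split("/", 1)[0] or None
    return None


def flag_unknown_s3(log_lines, allowed_buckets):
    """Return (src, bucket, host) for S3 requests whose bucket is not allowlisted."""
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        bucket = s3_bucket(fields.get("host", ""), fields.get("path", "/"))
        if bucket is not None and bucket not in allowed_buckets:
            hits.append((fields.get("src"), bucket, fields["host"]))
    return hits


# Constructed egress-proxy log lines; only the second hostname is the bucket named in the report.
SAMPLE_LOG = [
    "ts=2026-04-28T10:02:11Z src=10.0.3.14 host=backups-prod-eu.s3.eu-west-1.amazonaws.com path=/daily/db.tar.gz",
    "ts=2026-04-28T10:02:13Z src=10.0.3.14 host=spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com path=/payload-placeholder",
    "ts=2026-04-28T10:02:15Z src=10.0.7.2 host=s3.us-east-1.amazonaws.com path=/unknown-dump-9912/out.enc",
    "ts=2026-04-28T10:02:16Z src=10.0.7.2 host=api.example.com path=/health",
]
ALLOWED_BUCKETS = {"backups-prod-eu"}          # assumed known-good bucket for this environment


def build_demo_root():
    """Create a throwaway tree carrying the host artifacts (constructed, for a dry run)."""
    root = tempfile.mkdtemp(prefix="pcpjack-demo-")
    os.makedirs(os.path.join(root, SPM_DIR))
    os.makedirs(os.path.join(root, "etc/systemd/system"))
    open(os.path.join(root, "etc/systemd/system", SERVICE_NAME), "w").close()
    os.makedirs(os.path.join(root, "var/spool/cron/crontabs"))
    with open(os.path.join(root, "var/spool/cron/crontabs/app"), "w") as fh:
        fh.write("# constructed non-root crontab, not the real entries\n")
        fh.write("*/5 * * * * /usr/bin/python3 /var/lib/.spm/monitor.py\n")
        fh.write("*/5 * * * * /bin/sh /var/lib/.spm/restart-placeholder.sh\n")
    return root


if __name__ == "__main__":
    demo = build_demo_root()
    try:
        for finding in check_host(demo):
            print("HOST:", finding)
        for src, bucket, host in flag_unknown_s3(SAMPLE_LOG, ALLOWED_BUCKETS):
            print(f"EGRESS: {src} -> bucket {bucket} ({host}) not in allowlist")
    finally:
        shutil.rmtree(demo)
```

Run `check_host("/")` on a live host, or point it at the mount of a disk image or container filesystem snapshot. The bucket extraction handles both virtual-hosted and path-style S3 requests because either form reaches the same bucket; the allowlist should hold every bucket your workloads legitimately use, so a hit is worth an investigation rather than an automatic block.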

Conclusion

PCPJack is a carefully engineered cloud credential-theft framework that reflects the growing sophistication of the cloud threat landscape. By abandoning cryptomining in favor of targeted credential harvesting, actively displacing a rival threat actor, and building modular, persistent tooling that scales across Kubernetes, Docker, and database infrastructure, its operators demonstrate both technical depth and strategic intent. Security teams protecting cloud-native environments should treat exposed cloud services as a primary attack surface and assume that any historical misconfiguration may already have resulted in credential compromise. The discovery of PCPJack is a reminder that the cloud infrastructure threat landscape is no longer just about cryptomining — it is increasingly about credentials, identity, and the downstream fraud and extortion those credentials enable.