A sophisticated credential theft framework dubbed PCPJack is actively spreading across cloud infrastructure through worm-like propagation, exploiting five known vulnerabilities while systematically removing competing malware from compromised environments. SentinelOne researchers have identified the campaign as targeting Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications to harvest credentials and enable lateral movement.
The operation shows deliberate overlap with TeamPCP—a threat actor that gained notoriety in late 2024 for exploiting cloud misconfigurations—but with a critical difference: PCPJack actively evicts TeamPCP artifacts and explicitly tracks successful removals through its command-and-control infrastructure. This hostile takeover approach suggests either a former TeamPCP member or a competing operation familiar with the group's tactics.
Multi-Stage Infection Chain
The attack begins with a bootstrap shell script that prepares the compromised environment through several automated steps: configuring payload infrastructure, terminating TeamPCP processes, installing Python dependencies, establishing persistence mechanisms, and deploying six specialized Python modules before self-deletion. This orchestrated approach minimizes detection windows while ensuring operational continuity.
The framework leverages CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703 for propagation. These vulnerabilities provide entry points across different cloud services and container platforms, enabling the malware to spread automatically without manual operator intervention.
Six-Module Python Arsenal
PCPJack deploys six purpose-built Python modules, each handling specific attack functions. The worm.py orchestrator manages overall operations, conducts local credential theft, exploits the five CVEs for propagation, and uses Telegram for command-and-control communications. The parser.py module handles credential extraction and categorization of stolen keys and secrets.
The lateral.py component facilitates reconnaissance and lateral movement across SSH, Kubernetes, Docker, Redis, RayML, and MongoDB services. Before exfiltration, crypto_util.py encrypts stolen credentials for transmission to attacker-controlled Telegram channels. The cloud_ranges.py module maintains updated IP address ranges for AWS, Google Cloud, Azure, Cloudflare, CloudFront, and Fastly, refreshing this data every 24 hours to optimize targeting.
PCPJack specifically targets credentials from Anthropic, Digital Ocean, Discord, Google API, Grafana Cloud, HashiCorp Vault, OnePassword, and OpenAI. The framework scans Instance Metadata Service endpoints, Kubernetes service accounts, and Docker instances for these high-value credentials.
Common Crawl Exploitation for Target Discovery
The cloud_scan.py module employs an innovative targeting method: it pulls propagation targets directly from parquet files published by Common Crawl, a nonprofit web crawling service that provides public datasets. This technique gives attackers access to an extensive, constantly updated database of potential targets across Docker, Kubernetes, MongoDB, RayML, and Redis services exposed to the internet.
This approach demonstrates operational sophistication, leveraging legitimate public infrastructure to identify vulnerable cloud deployments without maintaining extensive scanning infrastructure that could expose the operation to detection or attribution.
TeamPCP Displacement Strategy
The deliberate removal of TeamPCP infrastructure reveals tactical competition in the cloud threat landscape. When exfiltrating data, PCPJack operators track whether TeamPCP has been successfully evicted through a specific 'PCP replaced' field transmitted to command-and-control servers. This metric collection indicates focused interest in displacing the competing operation rather than opportunistic cloud compromise.
Unlike TeamPCP, PCPJack deliberately excludes cryptocurrency mining components, even though it has well-defined scopes for extracting cryptocurrency credentials. The decision to forgo this obvious monetization method suggests either alternative revenue streams (credential resale or fraud operations) or operational security concerns about the detectability of mining.
Secondary Toolset Discovery
Infrastructure analysis uncovered an additional shell script (check.sh) that detects the CPU architecture and deploys the matching Sliver binary; Sliver is a legitimate penetration testing framework commonly abused by threat actors. This secondary toolset scans IMDS endpoints, Kubernetes service accounts, and Docker instances for credentials, transmitting discoveries to external servers independent of the Telegram-based exfiltration channel.
The use of multiple exfiltration paths and tool redundancies indicates operational maturity. SentinelOne researchers noted that the framework's modular design suggests the operator values code reusability, despite some behavioral overlaps between components.
Immediate Defensive Actions
Organizations must prioritize patching the five CVEs exploited for propagation: CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703. Security teams should audit exposed cloud services—particularly Docker, Kubernetes, Redis, MongoDB, and RayML deployments—for unauthorized access or configuration changes.
- Implement network segmentation to limit lateral movement between cloud services and container platforms
- Monitor Telegram traffic for unauthorized command-and-control communications from infrastructure hosts
- Review IMDS endpoint access patterns for abnormal credential harvesting activity
- Audit service accounts across Kubernetes, Docker, and cloud provider environments for unauthorized modifications
- Deploy file integrity monitoring to detect bootstrap scripts and Python modules matching PCPJack indicators
- Examine outbound connections to Common Crawl infrastructure that could indicate compromised systems pulling targeting data
- Rotate credentials for Anthropic, Digital Ocean, Discord, Google API, Grafana Cloud, HashiCorp Vault, OnePassword, and OpenAI services as priority targets
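As an added example (not from the SentinelOne report or the PCPJack code), the following Python detector applies two of the checks above, Telegram command-and-control traffic and Common Crawl pulls from infrastructure hosts, to constructed egress-proxy log lines; the infrastructure subnet, the log format, and the Common Crawl hostnames are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample egress-proxy log lines (not from the report):
# "<timestamp> <src_ip> <dst_host> <bytes_out>"
SAMPLE_LOG = """\
2026-03-01T10:00:01Z 10.20.1.15 registry.example.internal 1200
2026-03-01T10:00:07Z 10.20.1.15 api.telegram.org 48211
2026-03-01T10:00:09Z 10.20.1.22 data.commoncrawl.org 9050112
2026-03-01T10:01:44Z 192.168.50.8 api.telegram.org 2300
2026-03-01T10:02:10Z 10.20.1.22 api.telegram.org 51020
"""

# Assumed scope: subnets holding container, database and orchestration
# nodes that have no business reason to contact either service.
INFRA_SUBNETS = [ipaddress.ip_network("10.20.0.0/16")]

# Watchlist mapping destinations to the behaviour described in the report.
WATCHLIST = {
    "api.telegram.org": "telegram-c2",                 # Telegram Bot API host
    "data.commoncrawl.org": "commoncrawl-targeting",   # assumed CC data host
    "index.commoncrawl.org": "commoncrawl-targeting",  # assumed CC index host
}

@dataclass(frozen=True)
class Finding:
    src_ip: str
    category: str
    hits: int
    bytes_out: int

def in_scope(ip: str) -> bool:
    """True when the source address belongs to an infrastructure subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INFRA_SUBNETS)

def detect(log_text: str) -> list[Finding]:
    """Aggregate watchlisted egress per (infrastructure host, category)."""
    agg: dict[tuple[str, str], list[int]] = {}
    for line in log_text.splitlines():
        _ts, src, dst, nbytes = line.split()
        category = WATCHLIST.get(dst.lower())
        # User endpoints may legitimately use Telegram, so only flag infra hosts.
        if category is None or not in_scope(src):
            continue
        bucket = agg.setdefault((src, category), [0, 0])
        bucket[0] += 1
        bucket[1] += int(nbytes)
    findings = [Finding(s, c, h, b) for (s, c), (h, b) in agg.items()]
    return sorted(findings, key=lambda f: (f.src_ip, f.category))

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The workstation at 192.168.50.8 is ignored because it is outside the infrastructure scope, while both infrastructure hosts are reported with hit counts and byte totals that can be pivoted into a credential-rotation decision.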
The PCPJack campaign demonstrates evolving cloud threat actor tactics, including competitive displacement of rival operations and sophisticated targeting through public datasets. The framework's modular architecture and multi-vector propagation capabilities pose significant risks to organizations with exposed cloud infrastructure, particularly those running vulnerable container orchestration platforms or database services accessible from the internet.