
Cybersecurity researchers have revealed details of a new credential theft framework called PCPJack that targets exposed cloud infrastructure and expels any artifacts linked to TeamPCP from the environment.
“This toolset collects credentials from cloud, container, developer, productivity, and financial services, steals data through attacker-controlled infrastructure, and attempts to spread to additional hosts,” SentinelOne security researcher Alex Delamotte said in a report released today.
PCPJack is specifically designed to target cloud services and vulnerable web applications such as Docker, Kubernetes, Redis, MongoDB, and RayML, allowing operators to spread in a worm-like manner and move laterally within a compromised network.
The ultimate goal of the cloud attack campaigns is assessed to be generating illicit revenue for the threat actors through credential theft, fraud, spam, extortion, or reselling stolen access.
What is notable about this activity is the significant overlap in targets with TeamPCP. TeamPCP rose to prominence late last year by exploiting known security vulnerabilities (such as React2Shell) and misconfigurations in cloud services to enlist endpoints into an ever-expanding network used for data theft and other post-exploitation actions.
However, unlike TeamPCP, PCPJack does not have a cryptocurrency mining component. It is unclear why this obvious monetization strategy was not adopted, but the similarities between the two clusters indicate that PCPJack may be the work of a technically savvy former member of TeamPCP.
The starting point of the attack is a bootstrap shell script that prepares the environment, including configuring the payload host and downloading next-stage tools. It also infects its own infrastructure, terminates and deletes processes or artifacts associated with TeamPCP, installs Python, establishes persistence, downloads six Python scripts, launches the orchestration script, and deletes itself.

The six Python payloads are:
worm.py (written to disk as monitor.py), the main orchestrator, which launches the dedicated modules, exploits known flaws (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, and CVE-2025-48703), and uses Telegram for command and control (C2).
parser.py (utils.py), which handles credential parsing and classifies stolen keys and secrets.
larate.py (_lat.py), which performs reconnaissance, collects secrets, and enables lateral movement across SSH, Kubernetes, Docker, Redis, RayML, and MongoDB services.
crypto_util.py (_cu.py), which encrypts credentials before they are exfiltrated to the attacker's Telegram channel.
cloud_ranges.py (_cr.py), which collects the IP address ranges assigned to Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Cloudflare, CloudFront, and Fastly and refreshes that data every 24 hours.
cloud_scan.py (_csc.py), which port-scans those cloud ranges for exposed Docker, Kubernetes, MongoDB, RayML, or Redis services in order to propagate externally.
The orchestrator script's propagation targets come from parquet files that the worm pulls directly from Common Crawl, a nonprofit organization that crawls the web and makes its archives and datasets publicly available free of charge.
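Because the worm hunts for these services only where they are reachable from outside the host, a defender-side check is to flag any of them listening on a non-loopback address. The Python script below is an added example, not code from SentinelOne's report or from the malware; the port numbers are assumed product defaults, and the `ss -ltnH` sample it parses is constructed.

```python
"""Flag listening sockets for the services PCPJack is reported to scan for
(Docker, Kubernetes, Redis, MongoDB, Ray) when they are bound to an address
other than loopback. Input is the text of `ss -ltnH` (no header line)."""
import re
import subprocess

# Assumed default ports for each product; adjust to your deployment.
SERVICE_PORTS = {
    2375: "Docker API (plaintext)", 2376: "Docker API (TLS)",
    6443: "Kubernetes API server", 10250: "kubelet",
    6379: "Redis / Ray GCS", 27017: "MongoDB",
    8265: "Ray dashboard", 10001: "Ray client server",
}
LOOPBACK_PREFIXES = ("127.", "::1", "[::1]")

# LISTEN <recv-q> <send-q> <local addr>:<port> <peer addr>:<port>
SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+")


def parse_listeners(ss_output: str):
    """Yield (local_address, port) for each LISTEN line in ss output."""
    for line in ss_output.splitlines():
        m = SS_LINE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2))


def exposed_services(ss_output: str):
    """Return [(addr, port, service)] for known services bound beyond loopback."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in SERVICE_PORTS and not addr.startswith(LOOPBACK_PREFIXES):
            findings.append((addr, port, SERVICE_PORTS[port]))
    return findings


# Constructed sample: one safe Redis bind, one exposed Docker API, one
# exposed MongoDB, one loopback-only Ray dashboard.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:2375 0.0.0.0:*
LISTEN 0 4096 *:27017 *:*
LISTEN 0 128 [::1]:8265 [::]:*
"""

if __name__ == "__main__":
    try:  # Fall back to the constructed sample when ss is unavailable.
        out = subprocess.run(["ss", "-ltnH"], capture_output=True, text=True).stdout
    except FileNotFoundError:
        out = SAMPLE
    for addr, port, name in exposed_services(out or SAMPLE):
        print(f"{name} listening on {addr}:{port}")
```

On the constructed sample the script reports the Docker API on 0.0.0.0:2375 and MongoDB on *:27017, and stays silent on the loopback-bound Redis and Ray dashboard sockets.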
“While stealing system information and credentials, PCPJack operators also collect success metrics regarding whether TeamPCP was removed from the target environment in the ‘PCP exchange’ field sent to the C2,” Delamotte said. This “means a direct focus on threat actor activity, rather than pure cloud attack opportunism.”
Further analysis of the threat actor’s infrastructure revealed another shell script (‘check.sh’) that detects the CPU architecture and fetches the appropriate Sliver binary. It also scans Instance Metadata Service (IMDS) endpoints, Kubernetes service accounts, and Docker instances for credentials associated with Anthropic, Digital Ocean, Discord, Google APIs, Grafana Cloud, HashiCorp Vault, OnePassword, and OpenAI, and sends them to external servers.
“Overall, the two toolsets are well developed and demonstrate the owners’ focus on writing code as modular frameworks, despite some redundancy in behavior,” SentinelOne said. “This campaign intentionally removes the miner [deploy miners] features associated with TeamPCP. Nevertheless, this attacker has a well-defined scope for exfiltrating cryptocurrency credentials.”
