Bleepingcomputer
PCPJack Malware Targets TeamPCP Victims for Credential Theft
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The newly discovered PCPJack malware framework is actively targeting cloud environments to steal credentials while removing remnants of the TeamPCP cybercrime group. This worm exploits exposed services such as Docker, Kubernetes, Redis, and MongoDB, propagating through compromised cloud infrastructures. SentinelLabs identified PCPJack on April 28, 2026, noting its capability to evict TeamPCP's tools and install its own credential theft modules. The malware is designed for large-scale credential theft and monetizes its operations through fraud, spam, and extortion, without deploying cryptocurrency mining functions. The attack vector involves a shell script named bootstrap.sh that establishes persistence and downloads additional modules for credential harvesting. Affected organizations are urged to implement robust cloud security practices to mitigate risks. The scope of impact includes various cloud, container, developer, and financial services, with significant implications for organizations relying on these platforms.
Key Points: • PCPJack targets cloud services, stealing credentials while removing TeamPCP artifacts. • The malware exploits vulnerabilities in Docker, Kubernetes, Redis, and MongoDB. • Organizations are advised to enhance cloud security practices to defend against PCPJack.