PCPJack Malware Targets TeamPCP Victims for Credential Theft

PCPJack Malware Targets TeamPCP Victims for Credential Theft

First seen 7 May 2026, 19:08 UTC TechcrunchBleepingcomputerItnews.AuDarkreadingGbhackers+6 85% similarity 69.5

Article Content

Browse articles
ThreatCluster

The newly discovered PCPJack malware framework is actively targeting cloud environments to steal credentials while removing remnants of the TeamPCP cybercrime group. This worm exploits exposed services such as Docker, Kubernetes, Redis, and MongoDB, propagating through compromised cloud infrastructures. SentinelLabs identified PCPJack on April 28, 2026, noting its capability to evict TeamPCP's tools and install its own credential theft modules. The malware is designed for large-scale credential theft and monetizes its operations through fraud, spam, and extortion, without deploying cryptocurrency mining functions. The attack vector involves a shell script named bootstrap.sh that establishes persistence and downloads additional modules for credential harvesting. Affected organizations are urged to implement robust cloud security practices to mitigate risks. The scope of impact includes various cloud, container, developer, and financial services, with significant implications for organizations relying on these platforms.

Key Points: • PCPJack targets cloud services, stealing credentials while removing TeamPCP artifacts. • The malware exploits vulnerabilities in Docker, Kubernetes, Redis, and MongoDB. • Organizations are advised to enhance cloud security practices to defend against PCPJack.

ThreatCluster AI

Timeline

2026-04-28
PCPJack malware identified
SentinelLabs discovered PCPJack, a malware framework targeting TeamPCP victims and stealing credentials from cloud services.
Technadu
2026-05-07
PCPJack reported by multiple sources
Various cybersecurity outlets reported on PCPJack's capabilities and its focus on evicting TeamPCP tools while stealing credentials.
Darkreading
2026-05-08
PCPJack campaign continues to spread
As of today, PCPJack remains active, targeting exposed cloud infrastructures and prompting security advisories.
Infosecurity-Magazine

Community

Browse all →