A new cloud-targeting worm framework called PCPJack is actively harvesting credentials from exposed cloud infrastructure — Docker, Kubernetes, Redis, MongoDB, and vulnerable web applications — while simultaneously evicting the competing TeamPCP malware from compromised systems. Discovered on April 28, 2026, by SentinelLABS, PCPJack exploits five documented CVEs and uses an innovative target-discovery mechanism built on publicly available Common Crawl web archive data to spread autonomously across cloud environments without centralized coordination.
PCPJack: Technical Details
PCPJack is a multi-component credential theft and worm framework written in Python. Its initial access module targets exposed or vulnerable services before deploying a credential harvesting module and a self-spreading scanner.
PCPJack exploits five vulnerabilities to gain initial access or achieve lateral movement:
| CVE | Target | CVSS | Vulnerability Type |
|-----|--------|------|--------------------|
| CVE-2025-29927 | Next.js <12.3.5 / 13.5.9 / 14.2.25 / 15.2.3 | 8.8 (High) | Middleware auth bypass via header manipulation |
| CVE-2025-55182 | React/Next.js | 9.0 (Critical) | Server Actions deserialization flaw |
| CVE-2026-1357 | WPVivid Backup ≤0.9.123 | 9.8 (Critical) | Unauthenticated null-key file upload |
| CVE-2025-9501 | W3 Total Cache <2.8.13 | 9.0 (Critical) | PHP code injection via cached comments |
| CVE-2025-48703 | CentOS Web Panel <0.9.8.1205 | 9.x (Critical) | Shell injection in file manager |
CVSS stands for Common Vulnerability Scoring System — a standardized 0–10 scale for measuring vulnerability severity. Scores of 9.0–10.0 are classified Critical; 7.0–8.9 are High.
After gaining initial access, PCPJack establishes persistence via a systemd service (/etc/systemd/system/spm-worker.service) and stores harvested credentials in /var/lib/.spm/harvest.jsonl.
The Common Crawl Parquet Target Discovery
PCPJack's most technically novel feature is its distributed target discovery mechanism. Rather than maintaining a centralized target list (a single point of failure, easily taken down), the worm downloads Common Crawl parquet files — Parquet is a columnar storage format used for large datasets — containing billions of publicly accessible hostnames crawled from the web.
PCPJack uses a configurable seed index (SPM_SEED_IDX) to assign each running instance a distinct window of parquet files, partitioning scanning responsibilities across the botnet without any central controller. Each node maintains an in-memory deduplication set capped at 15 million entries to prevent redundant scans.
The result: PCPJack scans at internet scale with no coordination overhead and no central C2 dependency for target generation — making it significantly more resilient to takedown than botnets that rely on centralized target lists.
Credentials Harvested: 40+ Services
PCPJack extracts API keys, secrets, and authentication tokens across more than 40 services organized by category:
Cloud and infrastructure: AWS access keys and secrets, Kubernetes service account tokens, Docker secrets, SSH private keys, HashiCorp Vault tokens, DigitalOcean API keys, Grafana Cloud credentials
Financial and cryptocurrency: Binance API keys, Coinbase secrets, Bitcoin wallet files, Kraken API credentials, OKX tokens, Stripe secret keys
Developer platforms: GitHub personal access tokens, Anthropic API keys, OpenAI API keys, OnePassword vault access, Slack tokens
Email and messaging: SendGrid API keys, Mailchimp keys, Gmail OAuth tokens, Twilio authentication, Amazon SES credentials, Mailgun API keys
The targeting of Anthropic and OpenAI API keys reflects the rising value of LLM (Large Language Model) compute access on criminal markets, where stolen API keys are used to run automated prompt campaigns, generate spam, or resell high-throughput access at a fraction of legitimate rates.
Relationship to TeamPCP
SentinelLABS analysts found PCPJack through a Kubernetes-focused VirusTotal hunting rule. The first actions the worm takes upon infecting a host are to evict and delete tooling associated with the TeamPCP threat actor group — the behavior that gave PCPJack its name.
TeamPCP was a threat actor persona responsible for multiple high-profile supply chain intrusions in early 2026, including compromises of PyPI packages and security infrastructure tools. SentinelLABS assesses that PCPJack may have been developed by a former TeamPCP affiliate or member who split off to run an independent operation, using their insider knowledge of TeamPCP's infrastructure layout to identify and displace competitor-compromised hosts.
PCPJack does not deploy cryptominers — unlike most cloud-targeting malware (such as TeamTNT or Kinsing). The services it targets indicate monetization through credential resale on criminal markets, account fraud, spam infrastructure rental, or direct extortion of victims with stolen access.
Exploitation Status and Threat Landscape
PCPJack is actively spreading. The campaign maps to the following MITRE ATT&CK techniques (ATT&CK is MITRE's widely used catalog of adversary tactics and techniques):
- T1087 — Account Discovery: Kubernetes and Docker service enumeration
- T1110 — Brute Force: SSH spraying against up to 10 targets per node per cycle
- T1555 — Credentials from Password Stores: vault and secrets file extraction
- T1580 — Cloud Infrastructure Discovery: scanning for metadata endpoints and configuration files
- T1548.004 — Privilege Escalation: container escape via host filesystem mounting
Key Indicators of Compromise
Security teams should hunt for the following IOCs (Indicators of Compromise — artifacts that indicate a system has been compromised):
File paths:
- /var/lib/.spm/ — working directory
- /etc/systemd/system/spm-worker.service — persistence mechanism
- /var/tmp/apt-daily-upgrade — Sliver beacon disguise
Network indicators:
- C2 domain: cdn[.]cloudfront-js[.]com
- Payload host: spm-cdn-assets-dist-2026[.]s3[.]us-east-2[.]amazonaws[.]com
HTTP indicator:
- MIME boundary --WebKitFormBoundaryx8jO2oVc6SWP3Sad hardcoded in PCPJack exploitation payloads
File hashes (SHA-1):
- a20a9924d92c2b06d82b79c0fe87451c650cabec — bootstrap.sh
- 0b86434ca5145636d745222f7e49c903ce6ef538 — worm.py
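To turn the indicators above into a repeatable check, here is an added triage script (not SentinelLABS tooling and not taken from the report): it looks for the IOC file paths, compares SHA-1 digests of files under the working directory with the two published hashes, and flags log lines that contain the C2 or payload hosts (fanged or defanged) or the hardcoded multipart boundary. The sample log lines embedded in it are constructed for illustration, and the `root` parameter is an assumption of this example so the same check can be pointed at a mounted disk image instead of the live host.

```python
"""Triage for the PCPJack indicators listed on this page.

Added example, not code from SentinelLABS or the report. IOC values come from
the page; the sample log lines below are constructed for illustration.
"""
import hashlib
import re
from pathlib import Path

# File-system indicators (from the page)
IOC_PATHS = {
    "/var/lib/.spm": "working directory",
    "/etc/systemd/system/spm-worker.service": "systemd persistence unit",
    "/var/tmp/apt-daily-upgrade": "Sliver beacon disguise",
}

# SHA-1 hashes of the dropped components (from the page)
IOC_SHA1 = {
    "a20a9924d92c2b06d82b79c0fe87451c650cabec": "bootstrap.sh",
    "0b86434ca5145636d745222f7e49c903ce6ef538": "worm.py",
}

# Network and HTTP indicators (from the page, written refanged here)
IOC_HOSTS = (
    "cdn.cloudfront-js.com",
    "spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com",
)
MIME_BOUNDARY = "WebKitFormBoundaryx8jO2oVc6SWP3Sad"
HOST_RE = re.compile("|".join(re.escape(h) for h in IOC_HOSTS), re.IGNORECASE)

# Constructed sample WAF/syslog lines; lines 1, 3 and 4 should be flagged
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Apr/2026:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 '
    '"multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad"',
    '10.0.0.7 - - [28/Apr/2026:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-"',
    "Apr 28 10:02:11 web01 proxy: CONNECT cdn[.]cloudfront-js[.]com:443",
    "Apr 28 10:03:40 web01 proxy: GET https://spm-cdn-assets-dist-2026.s3.us-east-2.amazonaws.com/bootstrap.sh",
]


def sha1_of(path):
    """Streaming SHA-1 so large files do not have to be read into memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_paths(root="/"):
    """Return (path, description) for IOC paths present under root.

    `root` is an assumption of this example: pass a mount point to triage an
    image offline instead of the live host.
    """
    hits = []
    for ioc_path, description in IOC_PATHS.items():
        candidate = Path(root) / ioc_path.lstrip("/")
        if candidate.exists():
            hits.append((str(candidate), description))
    return hits


def check_hashes(paths):
    """Return (path, sha1, component) for files whose SHA-1 matches a known hash."""
    hits = []
    for path in paths:
        try:
            digest = sha1_of(path)
        except OSError:
            continue  # unreadable, missing or a directory: skip, do not abort the sweep
        if digest in IOC_SHA1:
            hits.append((str(path), digest, IOC_SHA1[digest]))
    return hits


def scan_log_lines(lines):
    """Return (line_number, reasons) for lines matching the network or HTTP IOCs."""
    hits = []
    for number, line in enumerate(lines, start=1):
        text = line.replace("[.]", ".")  # accept defanged hostnames as well
        reasons = []
        if HOST_RE.search(text):
            reasons.append("known C2/payload host")
        if MIME_BOUNDARY in text:
            reasons.append("hardcoded multipart boundary")
        if reasons:
            hits.append((number, reasons))
    return hits


if __name__ == "__main__":
    for path, description in check_paths():
        print(f"[path] {path} ({description})")
    spm_dir = Path("/var/lib/.spm")
    if spm_dir.is_dir():
        for path, digest, component in check_hashes(spm_dir.rglob("*")):
            print(f"[hash] {path} sha1={digest} matches {component}")
    for number, reasons in scan_log_lines(SAMPLE_LOG):
        print(f"[log] line {number}: {', '.join(reasons)}")
```

Run it as root on a suspect host, or with `check_paths("/mnt/image")` against a mounted volume; replace `SAMPLE_LOG` with the lines of your WAF or proxy log. Matching the boundary string on its own (without the leading dashes) catches it both in a `Content-Type` header and in a request body.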
Who Is Affected
Organizations running any of the following without network controls are at elevated risk:
- Docker daemon exposed on port 2375 or 2376 without TLS authentication
- Kubernetes API server accessible without authentication
- Redis instances on port 6379 without password protection
- Next.js applications on versions below the patched thresholds
- WordPress sites with WPVivid Backup ≤0.9.123 or W3 Total Cache <2.8.13
- CentOS Web Panel older than 0.9.8.1205
Cloud-native environments that store credentials in environment variables or flat configuration files are particularly susceptible to exfiltration even without deep system compromise, since PCPJack's credential extraction module reads environment variables and common configuration file paths.
What You Should Do Right Now
- Patch the five exploited CVEs immediately. Update Next.js to ≥12.3.5 / 13.5.9 / 14.2.25 / 15.2.3, WPVivid Backup to >0.9.123, W3 Total Cache to ≥2.8.13, and CentOS Web Panel to ≥0.9.8.1205.
- Close public exposure of management APIs. Docker daemon, Kubernetes API server, and Redis should never be directly internet-accessible. Enforce network policies, security groups, or VPC-internal routing to restrict access.
- Rotate all potentially exposed cloud credentials. Any environment reachable via the exploited CVEs should rotate AWS keys, Kubernetes tokens, GitHub tokens, payment processor API keys, and LLM API keys immediately.
- Enforce IMDSv2 on AWS. Require IMDSv2 (Instance Metadata Service version 2) to prevent credential theft via EC2 metadata endpoint abuse.
- Hunt for PCPJack IOCs listed above. Check for the suspicious file paths, systemd service, and C2 domain connections.
- Monitor HTTP requests for the hardcoded MIME boundary --WebKitFormBoundaryx8jO2oVc6SWP3Sad — a reliable detection signal in web application firewall logs.
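The IMDSv2 item in the list above is easy to state and easy to leave half-done across an account, so here is an added audit helper (not from the report and not AWS's own tooling). It reads the JSON produced by `aws ec2 describe-instances --output json`, lists instances whose metadata endpoint is enabled but still accepts token-less IMDSv1 requests (`HttpTokens` not `required`), and prints the `aws ec2 modify-instance-metadata-options` command that fixes each one. The embedded describe-instances document is constructed for illustration and its instance ids are placeholders.

```python
"""Audit EC2 metadata options for IMDSv1 exposure and print the remediation.

Added example, not from the SentinelLABS report or AWS. Feed it the output of
`aws ec2 describe-instances --output json`; the document below is constructed
for illustration and the instance ids are placeholders.
"""
import json
import sys

SAMPLE_DESCRIBE = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
            {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
        ]},
        {"Instances": [
            # endpoint disabled: nothing can read metadata here, so it is not reported
            {"InstanceId": "i-0ccccccccccccccc3",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
        ]},
    ]
})


def find_imdsv1_instances(describe_json):
    """Return ids of instances that answer metadata requests without an IMDSv2 token.

    HttpTokens == "required" means every metadata call must first obtain a
    session token via PUT, which is what stops a credential-harvesting module
    from reading the instance role's credentials with a plain GET.
    """
    data = json.loads(describe_json)
    weak = []
    for reservation in data.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            options = instance.get("MetadataOptions", {})
            if options.get("HttpEndpoint") == "enabled" and options.get("HttpTokens") != "required":
                weak.append(instance["InstanceId"])
    return weak


def remediation_commands(instance_ids):
    """One modify-instance-metadata-options call per instance; the endpoint stays enabled."""
    return [
        f"aws ec2 modify-instance-metadata-options --instance-id {instance_id} "
        "--http-tokens required --http-endpoint enabled"
        for instance_id in instance_ids
    ]


if __name__ == "__main__":
    # Usage: aws ec2 describe-instances --output json | python3 imds_audit.py
    # With no piped input the constructed sample document is audited instead.
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE
    exposed = find_imdsv1_instances(source)
    if not exposed:
        print("All instances with an enabled metadata endpoint require IMDSv2.")
    for command in remediation_commands(exposed):
        print(command)
```

Run it once per region; the AWS CLI paginates `describe-instances` for you by default, so a single JSON document covers all instances in that region. Review the printed commands before running them, since any workload that still relies on IMDSv1 (older SDKs, hand-rolled metadata calls) will lose metadata access until it is updated.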
Background: Understanding the Risk
Cloud credential theft is one of the highest-ROI attack vectors for financially motivated threat actors. Unlike ransomware, which requires sustained presence and creates forensic artifacts, credential theft can be monetized immediately: a single stolen AWS IAM key with broad permissions can generate tens of thousands of dollars in unauthorized compute charges within hours, while Stripe keys enable direct payment fraud.
PCPJack's use of Common Crawl data for target discovery sets it apart from typical cloud malware. Most cloud-targeting tools (like TeamTNT or Kinsing) rely on Shodan-style port scanning, which generates significant network noise and is detectable at the network layer. PCPJack's approach of drawing on pre-built, publicly available crawl data is stealthier — each node independently determines its target assignment without generating the discovery-scanning traffic that would trigger IDS (Intrusion Detection System) alerts.
The competitive eviction of TeamPCP also marks an escalation in the cloud threat actor ecosystem. Criminal groups are now actively competing over compromised infrastructure, with newer actors displacing incumbents to establish exclusive control over monetization opportunities on victim hosts. This means organizations may already have two distinct threat actors present on compromised cloud systems — PCPJack as the current tenant, and residual TeamPCP artifacts underneath.
Conclusion
PCPJack is a technically sophisticated, actively spreading cloud worm that combines credential theft across 40+ services with novel Common Crawl parquet-based target discovery. Organizations should immediately patch the five exploited CVEs, close public access to Docker and Kubernetes management APIs, rotate any potentially exposed credentials, and hunt for the SentinelLABS IOCs as the starting point for a rapid threat assessment.
For any query contact us at contact@cipherssecurity.com

