A new self-propagating cloud credential-theft framework called PCPJack is actively spreading across exposed cloud infrastructure — and it includes a novel competitive tactic: evicting infections left by its predecessor, TeamPCP, before taking over compromised environments. Researchers at SentinelLABS first identified PCPJack on April 28, 2026, through a Kubernetes-focused threat hunting rule on VirusTotal. The worm exploits five known CVEs (Common Vulnerabilities and Exposures — tracked vulnerability identifiers) to spread across Docker, Kubernetes, Redis, MongoDB, and RayML deployments, harvesting credentials from cloud platforms, developer tools, and financial services. Unlike typical cloud-targeting malware, PCPJack deploys no cryptominer; its purpose is pure credential theft and access resale.
PCPJack: Technical Details
PCPJack operates as a credential theft and lateral movement framework that propagates worm-style — meaning it automatically seeks out new targets and spreads without requiring manual operator intervention, similar to how a biological worm spreads through a population. The framework is designed for speed and breadth: it scans external IP ranges for exposed cloud and container management services, exploits vulnerabilities to gain access, harvests stored credentials, and moves immediately to adjacent hosts.
The attack surface PCPJack targets is the subset of cloud infrastructure that is commonly misconfigured or left exposed to the internet:
- Docker daemon (TCP 2375/2376) — the container management API that, when exposed without authentication, gives an attacker full control over all containers and the ability to create privileged containers with host filesystem access
- Kubernetes API server (TCP 6443, 8443) — the control plane for Kubernetes clusters; unauthenticated or weakly authenticated access allows full cluster takeover
- Redis (TCP 6379) — an in-memory database widely used as a cache and message queue; exposed Redis instances often contain session tokens, API keys, and queued job data
- MongoDB (TCP 27017) — a document database that, when exposed without authentication, allows full read/write access to all stored documents
- RayML — an open-source distributed computing framework for machine learning workloads; exposed Ray clusters have been increasingly exploited for code execution and resource hijacking in 2026
- Vulnerable web applications — PCPJack also targets web-facing services running on the same infrastructure, exploiting known CVEs in the underlying frameworks
SentinelLABS reports that PCPJack exploits five CVEs to propagate, though the specific CVE identifiers have not been publicly released as of publication to allow affected vendors time to respond.
The credential-harvesting scope is broad. PCPJack extracts credentials and API keys from:
- Cloud provider CLI credential stores (AWS, GCP, Azure)
- Container registry credentials (Docker Hub, private registries)
- Developer tooling (CI/CD pipeline tokens, package manager credentials)
- Productivity services (Slack tokens, communication platform API keys)
- Financial services (payment processor API keys, cryptocurrency wallet keys)
Credentials are exfiltrated to attacker-controlled infrastructure. Unlike TeamPCP — its apparent predecessor, which used ICP (Internet Computer Protocol) Canister nodes as decentralized, censorship-resistant C2 (command-and-control) infrastructure — PCPJack uses conventional attacker-controlled servers.
The TeamPCP Eviction Mechanism
The most distinctive technical feature of PCPJack is its competitive intelligence: the malware checks whether targeted environments are already infected by TeamPCP, and if so, actively removes TeamPCP's artifacts before establishing its own foothold.
PCPJack reports success metrics to its C2 server including a "PCP replaced" field — a telemetry flag that explicitly records whether a given compromise resulted in the displacement of a TeamPCP infection. This behavior is not merely a side effect of cleanup; it is deliberately instrumented, suggesting the PCPJack operator is tracking market share against a competitor.
SentinelLABS assesses that PCPJack was likely developed by a former TeamPCP affiliate or member who spun off their own operation. The eviction behavior could serve multiple strategic purposes: eliminating a competitor's access to the same host, removing artifacts that might trigger detection (since TeamPCP's indicators of compromise are better known to defenders), and signaling operational dominance within a shared criminal ecosystem.
TeamPCP gained notoriety through several high-profile supply chain intrusions in early 2026 and deployed CanisterWorm — a self-propagating worm that used ICP Canister nodes as C2. PCPJack's abandonment of the decentralized C2 architecture in favor of conventional infrastructure suggests the new actor prioritized operational speed over the censorship resistance that defined TeamPCP's approach.
Exploitation Status and Threat Landscape
SentinelLABS first observed PCPJack on April 28, 2026. The malware has been active for approximately 10 days as of publication and is spreading across cloud environments globally. The scope of confirmed infections has not been publicly quantified.
The threat model PCPJack represents is distinct from ransomware: it does not encrypt files or demand payment from victims. Instead, its monetization model relies on:
- Credential resale — stolen cloud API keys and developer tokens have active underground markets, with prices varying by the access they provide
- Fraud and spam — access to cloud compute and email delivery infrastructure enables spam campaigns and fraud operations
- Extortion — threat actors holding stolen credentials can offer "you've been breached" notifications as leverage for payment
- Further lateral movement — initial cloud credentials frequently provide access to broader corporate networks through VPN configurations, SSO tokens, and identity provider integrations stored alongside cloud keys
The five CVEs exploited by PCPJack have not been disclosed as of publication. Organizations running the targeted services should apply all available security updates and enforce network-level access controls regardless of specific CVE details, as the general attack surface (exposed Docker, Kubernetes, Redis, MongoDB APIs) is well-documented and independently dangerous.
Who Is Affected
PCPJack targets any organization running cloud or containerized infrastructure with:
- Docker daemon exposed to the internet without authentication (a common misconfiguration in cloud environments)
- Kubernetes API server accessible without authentication or with weak RBAC (Role-Based Access Control — the permission system governing who can perform what actions in a Kubernetes cluster) policies
- Redis instances without authentication (Redis has no authentication by default in older versions)
- MongoDB instances without authentication (a historically common misconfiguration responsible for numerous large data exposures)
- RayML clusters accessible from external networks
- Web applications running on the same infrastructure with exploitable vulnerabilities
This attack surface is predominantly found in:
- Early-stage startups and development teams that prioritized speed over security
- Misconfigured cloud deployments where internal services were inadvertently exposed via security group or firewall rule misconfigurations
- Academic research computing environments that deployed RayML for ML workloads without hardening the management interface
- CI/CD pipelines running in cloud environments where Kubernetes RBAC configurations grant overly broad permissions
What You Should Do Right Now
- Audit all exposed cloud service ports. Run a network scan or use your cloud provider's security posture management tools to identify any Docker daemon (2375/2376), Kubernetes API (6443, 8443), Redis (6379), or MongoDB (27017) ports accessible from the public internet. These should never be exposed publicly.
- Enable authentication on all Redis and MongoDB instances. If you are running either without authentication, this is the highest-priority remediation. Redis requires requirepass configuration or ACL setup; MongoDB requires enabling security.authorization in mongod.conf.
- Restrict Kubernetes API server access. The Kubernetes API should only be accessible from trusted IP ranges or through a private network. Audit your cluster's RBAC policies for overly permissive service account bindings.
- Rotate cloud credentials. If you have any doubt about whether your cloud provider API keys, container registry credentials, or CI/CD tokens may have been exposed, rotate them immediately. Use a secrets manager (AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager) rather than storing credentials in environment variables or configuration files.
- Hunt for PCPJack indicators. SentinelLABS has published indicators of compromise in their PCPJack research report. Search your container and system logs for the listed C2 IP addresses, file hashes, and process names.
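As an added illustration of the first two checks above (example code written for this article, not tooling from SentinelLABS or from the PCPJack report), the following Python audit flags the management ports named in this advisory when they are bound to all interfaces in ss -tln output, and checks whether a redis.conf and a mongod.conf actually enforce authentication. All sample inputs are constructed for the example.

```python
import re
# Management ports named in the advisory, with the service each belongs to.
WATCHED_PORTS = {2375: "Docker", 2376: "Docker (TLS)", 6443: "Kubernetes API",
                 8443: "Kubernetes API", 6379: "Redis", 27017: "MongoDB"}
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}   # "listen on every interface"
# Constructed sample inputs (not real telemetry): an ss listing plus two config files.
SS_SAMPLE = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      4096   0.0.0.0:2375        0.0.0.0:*
LISTEN 0      4096   [::]:27017          [::]:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*"""
REDIS_SAMPLE = "# requirepass foobared\nbind 0.0.0.0\nprotected-mode no\n"
MONGOD_SAMPLE = "net:\n  port: 27017\n  bindIp: 0.0.0.0\nsecurity:\n  authorization: enabled\n"

def exposed_listeners(ss_output):
    """Parse `ss -tln` output; return (port, service) pairs bound to all interfaces."""
    found = []
    for line in ss_output.splitlines()[1:]:            # first line is the header row
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, _, port = cols[3].rpartition(":")        # "0.0.0.0:6379" / "[::]:2375"
        if host in WILDCARD_BINDS and port.isdigit() and int(port) in WATCHED_PORTS:
            found.append((int(port), WATCHED_PORTS[int(port)]))
    return found

def redis_requires_auth(redis_conf):
    """True if redis.conf sets a non-empty requirepass or configures ACL users/aclfile."""
    for raw in redis_conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):           # comments do not enable auth
            continue
        if re.match(r'requirepass\s+(?!"")\S', line):  # requirepass "" disables auth
            return True
        if line.startswith("aclfile ") or re.match(r"user\s+\S+.*>\S", line):
            return True
    return False

def mongod_requires_auth(mongod_conf):
    """True if mongod.conf (YAML) has security.authorization: enabled; minimal parser."""
    in_security = False
    for raw in mongod_conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw.startswith((" ", "\t")):             # a top-level key ends the section
            in_security = raw.strip() == "security:"
        elif in_security and re.match(r"\s*authorization:\s*['\"]?enabled", raw):
            return True
    return False
```

Run the three functions against your own ss output and config files; a non-empty list from exposed_listeners or a False from either auth check is a finding to remediate before hunting for indicators.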
Background: Understanding the Risk
The cloud credential theft ecosystem has matured rapidly in 2026. Unlike earlier-era malware that focused on deploying cryptominers on hijacked cloud compute, the latest generation of cloud-targeting worms — including TeamPCP, CanisterWorm, and now PCPJack — treat credentials as the primary commodity. A single set of AWS credentials with IAM (Identity and Access Management) privileges can provide access to an organization's entire cloud infrastructure, including databases containing customer PII, proprietary code in private repositories, and production systems. This is significantly more valuable to attackers than the electricity cost savings of hijacked CPU cycles for cryptocurrency mining.
PCPJack's competitor-eviction behavior is a sign of a maturing threat landscape. When malware operators build tools to detect and remove competing infections, it signals that the criminal ecosystem has matured to the point where market competition is a meaningful operational concern. For defenders, this creates a secondary detection opportunity: the PCPJack eviction of TeamPCP artifacts may trigger familiar IOC alerts — but that detection itself indicates a deeper, ongoing compromise by a new actor.
Conclusion
PCPJack is a self-propagating cloud worm that exploits five CVEs to compromise Docker, Kubernetes, Redis, MongoDB, and RayML deployments, evicts competing TeamPCP malware, and steals credentials from cloud providers and developer services. Audit exposed cloud service ports, enable authentication on all internal services, rotate cloud credentials, and review SentinelLABS' IOC report immediately to determine whether your environment is affected.
For any query contact us at contact@cipherssecurity.com

