PCPJack is a new malware framework that steals credentials from exposed cloud systems while removing TeamPCP artifacts and access from compromised environments. It targets services and applications such as Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web apps, and may be linked to a former TeamPCP affiliate.
Key points
- PCPJack steals credentials from exposed cloud infrastructure.
- It deletes TeamPCP processes, files, containers, and persistence artifacts.
- The malware targets Docker, Kubernetes, Redis, MongoDB, RayML, and web apps.
- PCPJack spreads by exploiting vulnerabilities and moving laterally inside networks.
- It exfiltrates stolen data to Telegram after encrypting and chunking it.