"Worms across exposed cloud infrastructure and removes artifacts associated with TeamPCP," SentinelOne senior threat researcher Alex Delamotte wrote, describing a new credential-theft framework called PCPJack that is actively targeting victims tied to the TeamPCP campaigns.
What PCPJack does to infected environments
According to a SentinelLABS report published by SentinelOne, PCPJack is a credential theft framework that moves laterally through cloud environments. The framework is designed first to locate and remove artifacts associated with TeamPCP, the cybercrime group responsible for several high-profile open source supply chain compromises earlier this year. After that cleanup phase, PCPJack deploys code that replicates across the victim’s cloud systems and harvests credentials.
Specific credential targets: Docker, Kubernetes, Redis, MongoDB, RayML, and web apps
SentinelOne’s analysis lists the precise targets PCPJack seeks when it spreads: Docker and Kubernetes configurations, Redis and MongoDB instances, RayML, and vulnerable web applications. The framework is built to extract credentials from these services, with the report noting that it also seeks cryptocurrency credentials specifically. The SentinelLABS write-up links PCPJack’s target set to the service mix seen in early TeamPCP/PCPCat campaigns in December 2025 and the high-visibility campaigns of early 2026.
Notably, PCPJack omits crypto-mining — a clue about motive
Where PCPJack departs from many moderately sophisticated cloud threat campaigns is the deliberate absence of cryptocurrency-mining functionality. Alex Delamotte observed: “Nearly all moderately-sophisticated cloud threat campaigns deploy XMRig or similar at some point, including several of TeamPCP’s campaigns. This campaign does not, and it deliberately removes the miner functions associated with TeamPCP.”
SentinelOne draws the inference — grounded in that behavioral difference — that PCPJack’s operators are prioritizing monetization through credential-based activity rather than on-host resource theft. As Delamotte put it, that monetization could take the form of “credential theft, fraud, spam, extortion, or resale of stolen access.”
SentinelOne’s mitigation checklist for PCPJack-style attacks
- Use a credential vault or enterprise-wide secrets management service.
- Ensure access to credential vaults is never stored in a file saved in clear text.
- Require multi-factor authentication (MFA) for service accounts, rather than relying on an API key alone.
- In AWS environments, enforce IMDSv2 across all services to prevent credential theft.
- Allow-list downloads only from approved S3 resources.
- Use authentication for Docker and Kubernetes even if those services are not exposed to the internet.
- Apply the principle of least privilege to Kubernetes service accounts.
What this means for cloud operators, open-source maintainers, and enterprise security teams
Cloud operators should watch for lateral movement patterns that aim specifically at orchestration and database credentials (Docker, Kubernetes, Redis, MongoDB) and ensure IMDSv2 enforcement in AWS, as recommended by SentinelOne. Open-source maintainers and users of widely distributed tooling — the report cites the compromise of GitHub Actions for Aqua Security’s Trivy that delivered infostealer malware to downstream users including LiteLLM — will need to maintain supply chain hygiene and credential stewardship to limit the value of any stolen access. Enterprise security teams should implement secrets management, MFA for service accounts, and allow-listing for S3 downloads to reduce the attack surface PCPJack seeks to exploit.
SentinelOne warns of tangible business impacts: “The impacts of PCPJack and similar toolsets range from data exposure and extortion to financial impacts of an attacker with access to high-limit, enterprise API services,” Delamotte warned. The combination of deliberate removal of prior-group artifacts and focused credential theft suggests an operator with intimate knowledge of TeamPCP tooling and objectives — SentinelOne states, “We believe this could be a former operator who is deeply familiar with the group’s tooling.”
PCPJack reframes the threat calculus: rather than the noisy and resource-hungry deployments that typify many cloud attacks, this campaign favors stealthy access capture and resale or misuse of credentials. Organizations that rely on shared cloud services, embedded CI/CD tooling, and automated orchestration should treat those credentials as the primary asset under siege and adopt the practical mitigations SentinelOne outlines.
Read the original SentinelLABS report: https://www.infosecurity-magazine.com/news/pcpjack-campaign-boots-teampcp-off/




