PCPJack Worm Targets TeamPCP Infections, Steals Credentials in New Cybersecurity Threat
A new cybersecurity threat, identified as the PCPJack worm, has emerged, targeting systems previously infected by the TeamPCP hacking group. According to SentinelOne, the PCPJack framework is designed to remove TeamPCP's tools and artifacts from infected systems and deploy its own malicious software. The campaign, active since late April, focuses on credential theft across multiple cloud environments and is capable of self-propagation.

The infection process begins with a Linux shell script that sets up the environment, removes TeamPCP-related processes, and downloads additional payloads. The framework then establishes persistence and launches modules designed for credential parsing, lateral movement, and command-and-control message encryption. PCPJack targets a range of credentials, including those for AWS, Kubernetes, Docker, and various web applications, suggesting motivations for spam campaigns, financial fraud, and extortion attacks.
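The report's point for defenders is that PCPJack's credential parser sweeps several credential families (AWS, Kubernetes, Docker, web-app configs) on one host. A detection that looks for exactly that pattern, one process reading multiple distinct credential stores in a short window, is shown below as an added example; it is not code from SentinelOne's report or from the worm itself. The log layout (`timestamp pid comm path`), the sample events and the default credential-file locations are constructed assumptions for the example, not indicators taken from the report.

```python
import re
from collections import defaultdict
from datetime import datetime

# Credential-store paths mapped to the families the PCPJack report names.
# The default locations are assumptions for this example, not indicators
# from the report.
CREDENTIAL_FAMILIES = {
    r"/\.aws/(credentials|config)$": "aws",
    r"/\.kube/config$": "kubernetes",
    r"/\.docker/config\.json$": "docker",
    r"/(\.env|wp-config\.php)$": "webapp",
}

# Constructed sample file-open events in a simplified "ts pid comm path"
# layout (not a real auditd record format). One process (pid 5533) sweeps
# four credential stores in a few seconds; the other pids are benign
# single-store accesses by the tools that normally own those files.
SAMPLE_EVENTS = """\
2024-05-02T10:00:01 4120 aws /home/app/.aws/credentials
2024-05-02T10:00:09 5533 sh /home/app/.aws/credentials
2024-05-02T10:00:10 5533 sh /home/app/.kube/config
2024-05-02T10:00:12 5533 sh /home/app/.docker/config.json
2024-05-02T10:00:13 5533 sh /var/www/site/.env
2024-05-02T10:05:00 6001 kubectl /home/app/.kube/config
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (\S+) (\S+)$")


def parse_events(text):
    """Parse the constructed log layout into (datetime, pid, comm, path) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole batch
        ts, pid, comm, path = m.groups()
        events.append((datetime.fromisoformat(ts), int(pid), comm, path))
    return events


def family_of(path):
    """Return the credential family a path belongs to, or None if it is not a credential store."""
    for pattern, family in CREDENTIAL_FAMILIES.items():
        if re.search(pattern, path):
            return family
    return None


def detect_credential_sweeps(events, window_s=60, min_families=2):
    """Flag each process that reads >= min_families distinct credential families
    within window_s seconds. Returns a list of alert dicts."""
    per_proc = defaultdict(list)
    for ts, pid, comm, path in events:
        fam = family_of(path)
        if fam:
            per_proc[(pid, comm)].append((ts, fam))

    alerts = []
    for (pid, comm), touches in per_proc.items():
        touches.sort()
        # Slide a window starting at each access; alert once per process.
        for i, (t0, _) in enumerate(touches):
            fams = {f for t, f in touches[i:] if (t - t0).total_seconds() <= window_s}
            if len(fams) >= min_families:
                alerts.append({"pid": pid, "comm": comm, "families": sorted(fams)})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_credential_sweeps(parse_events(SAMPLE_EVENTS)):
        print(f"credential sweep: pid={alert['pid']} comm={alert['comm']} "
              f"families={','.join(alert['families'])}")
```

The threshold of two families in sixty seconds is a starting point: a legitimate `aws` or `kubectl` invocation reads its own store and nothing else, so a single process crossing family boundaries is the signal worth escalating, and the sample's pid 5533 is the only one that trips it. On a real host the events would come from file-access auditing (auditd, eBPF, or an EDR agent) rather than this constructed layout, and the path list should be extended with wherever the applications on that host actually keep their secrets.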