PCPJack: Python-Based Worm Leveraging Common Crawl, Telegram C2, and Kubernetes Escapes
A sophisticated new malware framework, identified as PCPJack, has emerged as a potent threat to exposed cloud and containerized infrastructures. Unlike many contemporary cloud-focused threats that prioritize cryptomining for immediate revenue, PCPJack is precision-engineered for high-volume credential theft, fraud, spam, and extortion.
Most notably, the framework appears to function as a “displacer,” actively hunting for and evicting existing malware artifacts associated with the TeamPCP threat actor.
The emergence of PCPJack suggests a significant shift in the cybercriminal landscape. The framework’s explicit focus on tracking “PCP replaced” metrics within exfiltrated data implies that the developer is likely a rival actor or a former operator of the TeamPCP group, possessing deep technical knowledge of their operational footprint. This follows TeamPCP’s high-profile involvement in supply chain compromises involving Aqua Security’s Trivy and the LiteLLM AI gateway earlier in 2026.
Initial Infection and Payload Deployment
The infection chain typically commences with a lightweight Linux shell script titled bootstrap.sh. This dropper serves as the environmental architect, preparing the host by aggressively terminating any processes, services, or containers linked to TeamPCP or PCPCat. Once the environment is cleared, it pulls a comprehensive, Python-based framework from an attacker-controlled Amazon S3 bucket.

The deployment involves six distinct Python modules designed to minimize the footprint of any single file:
- monitor.py (acting as the orchestrator/worm.py): Manages the execution flow and module lifecycle.
- utils.py: Performs regex-heavy credential parsing.
- _lat.py: Facilitates lateral movement across the network.
- _cu.py: Handles cryptographic operations.
- _cr.py: Provides a database of cloud IP ranges.
- _csc.py: Executes cloud-scale scanning.
To evade static analysis, the orchestrator employs a dynamic dependency injection method, loading modules at runtime rather than using standard Python import statements. Furthermore, sensitive configuration data is hex-encoded and decrypted on-the-fly using an XOR routine keyed with an MD5 hash of a simulated Python networking library string.
The PCPJack Worm Framework: Reconnaissance and Scaled Discovery
Once the framework achieves persistence—typically via systemd services or cron jobs—the monitor.py module initiates an intensive local collection pipeline. It targets environment variables, .env files, SSH keys, Docker secrets, Kubernetes tokens, and AWS metadata credentials, all while storing artifacts in a hidden directory at /var/lib/.spm.

What sets PCPJack apart is its unconventional approach to external discovery. Instead of traditional brute-forcing, it ingests Parquet files from the Common Crawl open web corpus. By iterating over url_host_name fields, the malware builds massive, pre-validated lists of internet-facing targets. Each infected node processes a unique slice of this dataset, scanning for vulnerabilities such as the React2Shell (CVE-2025-55182) vulnerability in React and Next.js deployments.
Lateral Movement and Container Escape
PCPJack is highly optimized for traversing modern, containerized environments. The _lat.py module executes reconnaissance on services including Docker, Kubernetes, Redis, MongoDB, and RayML.
In Kubernetes environments, the malware leverages service account tokens to query the API server for highly sensitive objects like Secrets and ConfigMaps. It has even demonstrated the ability to attempt container escapes by attempting to mount the host filesystem into attacker-controlled containers.

check.sh script, managing pre-beaconing procedures (Source: SentinelLABS).For non-containerized services, the malware exploits misconfigured Redis instances to perform key enumeration and establish persistence via cron-rewrite tricks. It also targets MongoDB and RayML via default ports to scrape database contents or submit weaponized jobs. SSH-based propagation completes the cycle, using discovered keys and shell histories to pivot to adjacent systems.
Command and Control (C2) and Exfiltration
Communication is handled via Telegram. The malware uses one channel to post telemetry and credential dumps, while polling a second channel for operator instructions, such as updating scanning ranges or deploying new modules.
For data security, the crypto_util.py module attempts to utilize X25519 key pairs and ChaCha20-Poly1305 encryption. However, a notable weakness exists: if the required cryptographic dependencies are missing, the module falls back to plaintext transmission, potentially exposing stolen data to network defenders.
Final Note: SentinelLABS also identified a secondary, modular toolkit on the same infrastructure, deploying Sliver C2 beacons and targeting high-value API keys for services like OpenAI, Anthropic, and HashiCorp Vault. This suggests that PCPJack is part of a much larger, evolving ecosystem of credential-theft tools designed to exploit the modern cloud-native stack.