## PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have uncovered a sophisticated credential theft framework targeting exposed cloud infrastructure, distinguishing itself by aggressively removing artifacts linked to a prior threat actor known as TeamPCP. The tool, dubbed PCPJack, employs a worm-like propagation mechanism to move laterally across cloud environments after exploiting known vulnerabilities.

The framework harvests credentials from a broad range of services including cloud platforms, container environments, developer tools, productivity applications, and financial services. Once credentials are collected, the data is exfiltrated through attacker-controlled infrastructure. Security researchers identified that PCPJack exploits five known vulnerabilities (CVEs) to facilitate its spread, suggesting a mature and well-resourced development effort. The tool's deliberate removal of TeamPCP artifacts indicates either territorial behavior or an attempt to obscure attribution by overwriting evidence of the previous compromise.

Organizations running exposed cloud workloads face heightened risk, particularly those with unpatched systems vulnerable to the five CVEs exploited by PCPJack. The targeting of financial and developer services suggests an economic espionage motive, though the full scope of the campaign remains under investigation. Security teams are urged to audit cloud environments for TeamPCP artifacts, apply available patches for the identified vulnerabilities, and monitor for unusual credential access patterns.

---
- **Source**: The Hacker News
- **Sector**: The Lab
- **Tags**: credential-stealer, cloud-security, CVE, TeamPCP, lateral-movement
- **Credibility**: unverified
- **Published**: 2026-05-08 04:16:09
- **ID**: 80434
- **URL**: https://whisperx.ai/en/intel/80434