# PCPJack targets Kubernetes, Docker
- SentinelLabs detailed a new cloud worm called PCPJack that breaks into exposed Docker, Kubernetes, Redis, MongoDB, and RayML systems, then steals secrets instead of mining.
- The weird twist is cleanup: PCPJack deletes TeamPCP malware first, uses six Python modules, and exfiltrates encrypted loot through Telegram in chunks.
- It matters because cloud break-ins are shifting from noisy cryptomining to credential theft that can spread into CI/CD, SaaS, and AI stacks.
Cloud malware used to be easy to stereotype. Break into a bad Kubernetes cluster, spin up a cryptominer, burn somebody else’s CPU bill. PCPJack is different. It goes after the same exposed cloud plumbing, but the prize is credentials — cloud keys, SSH material, app tokens, database secrets, even AI service keys. And before it starts looting, it kicks out another crew’s malware first.

### What is PCPJack actually doing?

PCPJack is a modular Linux malware framework built around a shell bootstrapper and a Python-based main payload. The bootstrap script sets up a hidden working directory, pulls down dependencies and extra modules, establishes persistence, and launches the orchestrator. From there, the malware harvests secrets from the local machine and starts looking for ways to spread. (bleepingcomputer.com)

### Why are Docker and Kubernetes in the blast radius?

Because exposed control planes are gold. Docker APIs, Kubernetes services, Redis, MongoDB, and similar management surfaces can let an attacker run code, pull secrets, or move sideways fast if they are open to the internet or weakly protected. That is not a niche problem either — Palo Alto’s Unit 42 says Kubernetes-related operations involving stolen tokens rose 282% over the last year, with most failures tied to misconfiguration and overprivileged identities. (bleepingcomputer.com)

### Why is the TeamPCP angle such a big deal?

PCPJack does not just coexist with older malware. It explicitly checks for TeamPCP tooling and removes processes, containers, files, services, and persistence artifacts tied to that group. SentinelLabs’ working theory is that this may be a former TeamPCP operator or affiliate who knows the old toolkit well enough to evict it cleanly. Basically, this looks less like random overlap and more like a turf war inside the same cloud-crime ecosystem. (bleepingcomputer.com)

### What kind of secrets is it after?

A lot more than cluster credentials. The collection list includes environment variables, `.env` files, SSH keys, Docker secrets, Kubernetes tokens, cloud metadata credentials, wallet files, Slack tokens, WordPress configs, and API keys tied to services like OpenAI and Anthropic. The point is breadth — if a compromised container can see it, PCPJack wants it. (bleepingcomputer.com)

### How does the stolen data leave the victim?

The exfiltration path is unusually tidy. PCPJack encrypts stolen data with X25519 ECDH and ChaCha20-Poly1305, then slices it into 2,800-byte chunks so it can push the loot out through attacker-controlled Telegram channels. That is a practical design — easy to automate, hard to notice if you are only watching for bulk uploads to obvious command-and-control servers. (bleepingcomputer.com)

### Why does this look like the next phase after the spring supply-chain attacks?

Because TeamPCP already showed how valuable mass credential theft is. In March 2026, attackers poisoned Aqua’s Trivy GitHub Action and other developer tools so CI/CD runners would quietly leak secrets while jobs still appeared to complete normally. Wiz then saw those stolen secrets validated and used within hours to explore victim cloud environments. PCPJack looks like the same economic logic pushed directly into runtime infrastructure. (bleepingcomputer.com)

### Why should AI teams care?

Because modern AI apps sit on this exact stack — containers, orchestrators, secret stores, CI/CD runners, vector services, and API keys. If an attacker steals runtime credentials, the damage is not just infrastructure access. They can tamper with retrieval pipelines, swap models, abuse tool permissions, or quietly siphon prompts and data. The catch is that “AI security” here mostly means very old-fashioned cloud hygiene. (crowdstrike.com)

### So what is the real takeaway?

PCPJack matters because it shows where cloud crime is heading. The noisy cryptominer is giving way to the credential thief with better tradecraft, better targeting, and better monetization options — fraud, spam, resale, extortion, or follow-on intrusion. If your Docker or Kubernetes surface is exposed, the attacker does not need a fancy zero-day. They just need your secrets to be sitting where the workload can read them. (bleepingcomputer.com)
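One defender-side check that follows from the exfiltration pattern described under "How does the stolen data leave the victim?", added here as an example and not taken from the SentinelLabs report or from PCPJack itself: a heuristic run over constructed egress-proxy log lines that flags a host sending a burst of near-uniform-size POSTs to Telegram, which is what fixed-size chunking looks like from the network edge. The log layout, the byte sizes and the thresholds are assumptions; api.telegram.org is the Bot API host and is not named in the article.

```python
"""Heuristic for the chunked-exfil pattern the article describes: many near-uniform-size
POSTs to Telegram from one host in a short window. Layout and thresholds are assumptions."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed egress-proxy lines "<ISO time> <src_ip> <method> <host> <bytes_out>":
# 10.0.3.7 sends uniform ~3.9 KB POSTs (fixed chunk + headers) then a short tail;
# 10.0.5.2 is an ordinary bot with sporadic, varied requests.
SAMPLE_LOG = """\
2026-04-02T10:00:01 10.0.3.7 POST api.telegram.org 3912
2026-04-02T10:00:03 10.0.3.7 POST api.telegram.org 3910
2026-04-02T10:00:04 10.0.3.7 POST api.telegram.org 3915
2026-04-02T10:00:06 10.0.3.7 POST api.telegram.org 3911
2026-04-02T10:00:08 10.0.3.7 POST api.telegram.org 3913
2026-04-02T10:00:09 10.0.3.7 POST api.telegram.org 3909
2026-04-02T10:00:11 10.0.3.7 POST api.telegram.org 2207
2026-04-02T10:05:00 10.0.5.2 POST api.telegram.org 412
2026-04-02T10:20:00 10.0.5.2 GET api.telegram.org 0
2026-04-02T10:41:00 10.0.5.2 POST api.telegram.org 1587
"""

def parse(log):
    """Rows: (time, src_ip, method, host, bytes_out)."""
    rows = [line.split() for line in log.splitlines()]
    return [(datetime.fromisoformat(t), s, m, h, int(b)) for t, s, m, h, b in rows]

def find_chunked_uploads(events, host_suffix="telegram.org",
                         window=timedelta(minutes=5), min_posts=6, max_spread=0.02):
    """Return {src_ip: (total_posts, median_bytes)} for sources with min_posts POSTs
    inside one window whose sizes all lie within max_spread of their median, i.e. a
    fixed ciphertext chunk plus near-constant request overhead."""
    by_src = defaultdict(list)
    for ts, src, method, host, size in events:
        if method == "POST" and host.endswith(host_suffix):
            by_src[src].append((ts, size))
    hits = {}
    for src, posts in by_src.items():
        posts.sort()
        for i in range(len(posts) - min_posts + 1):
            run = posts[i:i + min_posts]
            if run[-1][0] - run[0][0] > window:
                continue
            sizes = [s for _, s in run]
            med = statistics.median(sizes)
            if all(abs(s - med) <= max_spread * med for s in sizes):
                hits[src] = (len(posts), med)
                break  # one matching run is enough to flag this source
    return hits
```

The trailing 2,207-byte request is the final partial chunk; the rule tolerates it because it only needs one run of `min_posts` uniform requests, not uniformity across the whole session.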