Security researchers have discovered an unusual new threat campaign designed to target victims of notorious cybercrime group TeamPCP.
PCPJack is a credential theft framework that “worms across exposed cloud infrastructure and removes artifacts associated with TeamPCP,” according to SentinelOne senior threat researcher Alex Delamotte.
TeamPCP is the group behind some major open source supply chain attacks this year, including one that compromised the GitHub Actions for Aqua Security's popular Trivy vulnerability scanner to deliver infostealer malware to countless downstream users, including LiteLLM.
“Many of the services targeted by the PCPJack framework are similar to the early TeamPCP/PCPCat campaigns from December 2025, before the high-visibility campaigns of early 2026 brought significant attention to TeamPCP and purportedly led to changes in group membership,” explained Delamotte in a SentinelLABS post.
“We believe this could be a former operator who is deeply familiar with the group’s tooling.”
After removing all artifacts associated with TeamPCP, PCPJack deploys code designed to replicate through the victim’s cloud systems – stealing credentials from Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications, the SentinelLABS report noted.
Although it’s programmed to steal cryptocurrency credentials, it lacks crypto-mining functionality.
“Nearly all moderately-sophisticated cloud threat campaigns deploy XMRig or similar at some point, including several of TeamPCP’s campaigns,” Delamotte wrote. “This campaign does not, and it deliberately removes the miner functions associated with TeamPCP.”
This suggests the goal is monetization through “credential theft, fraud, spam, extortion, or resale of stolen access,” she added.
Mitigating PCPJack-Style Attacks
SentinelOne urged organizations to defend against similar threats by sticking to cloud and web application security best practices, namely:
- Using a credential vault or secrets management service enterprise-wide
- Ensuring access to credential vaults is never stored in a file saved in clear text
- Requiring multi-factor authentication (MFA) for service accounts, rather than an API key alone
- In AWS environments, ensuring that IMDSv2 is enforced across all services to prevent credential theft
- Allow-listing downloads only from approved S3 resources
- Using authentication for Docker and Kubernetes, even if not exposed to the internet (as they are popular targets for lateral movement)
- Applying the principle of least privilege to Kubernetes service accounts
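The IMDSv2 recommendation above is the one most easily checked programmatically. The following audit script is an added example, not code from SentinelOne or the SentinelLABS report: it parses output in the shape returned by `aws ec2 describe-instances` and flags instances whose metadata options still accept IMDSv1 (HttpTokens not set to "required"), which is the weak setting that lets any process on the host fetch instance-role credentials with a plain GET. The sample response and instance IDs are constructed; the remediation command it prints is the standard AWS CLI call.

```python
"""Audit EC2 instance metadata options for IMDSv2 enforcement.

Added example (not from the SentinelLABS report). Feed it the JSON from
`aws ec2 describe-instances`; it returns the instances where IMDSv1 is
still reachable. Instances with the metadata endpoint disabled are compliant.
"""
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs are placeholders, not real infrastructure.
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0example000000001",           # compliant: IMDSv2 only
             "MetadataOptions": {"HttpEndpoint": "enabled",
                                 "HttpTokens": "required",
                                 "HttpPutResponseHopLimit": 1}},
            {"InstanceId": "i-0example000000002",           # weak: IMDSv1 allowed
             "MetadataOptions": {"HttpEndpoint": "enabled",
                                 "HttpTokens": "optional",
                                 "HttpPutResponseHopLimit": 2}},
            {"InstanceId": "i-0example000000003",           # compliant: endpoint off
             "MetadataOptions": {"HttpEndpoint": "disabled",
                                 "HttpTokens": "optional"}},
        ]}
    ]
})


def find_imdsv1_exposed(describe_instances_json):
    """Return findings for instances that still answer IMDSv1 requests.

    An instance passes when HttpEndpoint is "disabled" or HttpTokens is
    "required". For each failing instance the hop limit is recorded too:
    a value above 1 lets the IMDSv2 token response reach containers on a
    bridged network, so it is worth tightening at the same time.
    """
    findings = []
    data = json.loads(describe_instances_json)
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # no metadata service at all: nothing to steal here
            # AWS defaults HttpTokens to "optional" when not set explicitly.
            if opts.get("HttpTokens", "optional") != "required":
                findings.append({
                    "InstanceId": inst["InstanceId"],
                    "HttpTokens": opts.get("HttpTokens", "optional"),
                    "HopLimit": opts.get("HttpPutResponseHopLimit", 1),
                })
    return findings


def remediation_command(instance_id):
    """AWS CLI call that enforces IMDSv2 on one instance (real CLI syntax)."""
    return (f"aws ec2 modify-instance-metadata-options --instance-id {instance_id} "
            "--http-tokens required --http-endpoint enabled --http-put-response-hop-limit 1")


if __name__ == "__main__":
    for finding in find_imdsv1_exposed(SAMPLE_DESCRIBE_INSTANCES):
        print(f"{finding['InstanceId']}: HttpTokens={finding['HttpTokens']} "
              f"hop_limit={finding['HopLimit']}")
        print("  fix: " + remediation_command(finding["InstanceId"]))
```

Run it against real output with `aws ec2 describe-instances --output json > instances.json` and pass the file contents to `find_imdsv1_exposed`; an account-wide default can also be set with `aws ec2 modify-instance-metadata-defaults --http-tokens required`, so new instances start compliant.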
“The impacts of PCPJack and similar toolsets range from data exposure and extortion to financial impacts of an attacker with access to high-limit, enterprise API services,” Delamotte warned.
