VYPR
researchPublished Jul 7, 2026· 1 source

New Cloud Worm 'CAI' Competes with Rivals, Steals Secrets, and Mines Crypto

A novel cloud worm named CAI (Cloud AI Infrastructure Attack Framework) is actively targeting cloud-native developer tools, eliminating competing malware, and engaging in credential theft and cryptomining.

A new cloud worm, identified as the Cloud AI Infrastructure Attack Framework (CAI), has emerged, demonstrating a ruthless competitive streak within the cybercriminal ecosystem. This sophisticated botnet specifically targets cloud-native developer tools such as Docker, Kubernetes, Redis, etcd, Kubelet, and Ray. Its primary objectives are to pilfer credentials and engage in cryptocurrency mining, while actively seeking out and terminating processes belonging to rival malware, including those from threat actors like TeamPCP and PCPJack.

The codebase of CAI shows clear inspiration from existing credential-stealing worms that have previously impacted cloud environments and supply chains. Security researchers have noted comments within the code that reference "PCPJack-aligned" activities, indicating a direct lineage or influence. CAI's aggressive approach includes explicitly killing TeamPCP and PCPJack processes, aiming to monopolize compromised targets and resources.

TeamPCP is known for developing malware like the mini Shai-Hulud, Miasma, and Canister worms, which have been active in poisoning open-source registries and harvesting sensitive cloud data. PCPJack, a more recent entrant, not only steals credentials but also actively removes TeamPCP's presence, creating a direct conflict. CAI appears to have learned from both, positioning itself as a formidable competitor.

According to threat researcher Michael Rippey of Hunt.io, CAI is designed as an "evolving framework meant to rival toolkits utilized by TeamPCP and PCPJack." Hunt.io's team first observed CAI on June 15, tracking its operator's progression from testing worm code to full production deployment over three weeks. Rippey highlighted that the malware's codebase exhibits signs of "LLM-assisted development," suggesting a deliberate and strategic approach to building a competitive platform by studying existing TTPs (tactics, techniques, and procedures).

While not described as overly sophisticated, CAI has proven effective. Recent command-and-control logs confirm active exploitation attempts, and wallet activity indicates successful compromises. The framework comprises a scanning engine that feeds targets into automated exploit queues, all coordinated by centralized C2 control. This allows for coordinated attacks across cloud infrastructure, with a particular emphasis on vulnerable services like Docker, Redis, etcd, and Kubelet.

Currently, compromised hosts are being equipped with miners, credential stealers, and a Python backdoor. The emergence of CAI alongside established threats like TeamPCP and PCPJack underscores a growing trend of competing threat actors not only targeting cloud infrastructure but also actively undermining each other.

This development serves as a stark reminder for defenders and developers about the escalating risks within cloud environments. The damage caused by these cloud worms, as they propagate through supply chains, is significant. The continued innovation and competition among these threat actors suggest that malicious actors will continue to seek monetization opportunities by exploiting companies' cloud infrastructure and developers' sensitive secrets.

Synthesized by Vypr AI