‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
The PCPJack worm is actively removing TeamPCP infections from cloud instances while stealing credentials from compromised environments.
A new malware worm known as 'PCPJack' has been observed actively targeting web applications and cloud environments, including AWS, Docker, and Kubernetes. The worm is notable for removing existing 'TeamPCP' infections from the systems it compromises in order to establish its own control [SecurityWeek].
PCPJack is designed to steal credentials from the environments it infects, which can enable further unauthorized access and lateral movement within cloud infrastructure. By displacing the earlier malware, the operators of PCPJack aim to consolidate their control over the compromised resources.
Organizations operating in cloud environments should implement strict identity and access management policies and regularly scan for unauthorized containers or instances. Monitoring for unusual outbound traffic and unauthorized credential usage is essential for detecting and mitigating the impact of this worm.