{"id":236747,"date":"2026-05-08T02:09:43","date_gmt":"2026-05-08T07:09:43","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/05\/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections"},"modified":"2026-05-08T02:09:43","modified_gmt":"2026-05-08T07:09:43","slug":"new-pcpjack-worm-steals-credentials-cleans-teampcp-infections","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/05\/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections","title":{"rendered":"New PCPJack worm steals credentials, cleans TeamPCP infections"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections.jpg\"><\/a><\/p>\n<p>A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP\u2019s access to the systems.<\/p>\n<p>Among the targeted services are Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. In many cases, the threat actor moves laterally on the network.<\/p>\n<p>SentinelLabs researchers say that PCPJack appears designed for large-scale credential theft, and likely monetizes its activity via financial fraud, spam operations, credential resale, or extortion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP\u2019s access to the systems. Among the targeted services are Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. In many cases, the threat actor moves laterally on the network. SentinelLabs researchers say that PCPJack appears designed for large-scale [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,45],"tags":[],"class_list":["post-236747","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-finance"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=236747"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236747\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=236747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=236747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=236747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}