top of page
ALL POSTS
PCPJack: How Attackers Hijacked 230 Cloud Servers for Covert Email Relay
Key Findings Threat actor PCPJack compromised 230 cloud servers across AWS, Google Cloud, and Microsoft Azure and converted them into covert SMTP relay proxies Complete toolkit, source code, and live command-and-control configuration were accidentally exposed in an unauthenticated directory on a C2 server The operation used Sliver C2 framework combined with Chisel tunneling to create a self-healing, monitored email relay network that synced verified proxies every five minutes
Jun 53 min read
PCPJack Cloud Worm: Exploiting 5 CVEs to Steal Credentials and Spread Across Systems
Key Findings PCPJack is a credential theft framework targeting exposed cloud infrastructure across Docker, Kubernetes, Redis, MongoDB, and RayML The malware exploits five CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, CVE-2025-48703) to spread worm-like across networks PCPJack actively removes TeamPCP artifacts from compromised systems, suggesting possible connection to former TeamPCP members Stolen credentials are exfiltrated via Telegram and include acc
May 73 min read
bottom of page
