PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
TLP: WHITE. Author: AlienVault. Created 2026-05-07, modified 2026-05-08. 22 IOCs, medium volume.
PCPJack is a sophisticated credential theft framework that propagates across exposed cloud infrastructure while systematically removing artifacts linked to TeamPCP, a threat actor behind notable 2026 supply chain compromises. The toolset harvests credentials from cloud platforms, containers, developer tools, productivity applications, and financial services, exfiltrating data through attacker-controlled infrastructure. It targets exposed Docker, Kubernetes, Redis, MongoDB, RayML services and vulnerable web applications, enabling external propagation and lateral movement. Unlike typical cloud malware, PCPJack deploys no cryptominers, focusing instead on credential theft for monetization through fraud, spam campaigns, extortion, or access resale. The framework uses modular Python scripts orchestrated by a central component, employs Common Crawl data for target selection, and utilizes Telegram for command and control communications.
Indicators of Compromise (22)