PCPJack hijacks 230 AWS, Google Cloud, and Azure servers into covert SMTP relay network using Sliver and Chisel, removes TeamPCP
SentinelOne and Hunt.io have detailed PCPJack, a credential-theft framework that hijacks cloud servers across AWS, Google Cloud, and Azure into a covert SMTP relay network, while terminating artifacts of the rival TeamPCP group. Built around a Sliver-integrated SMTP proxy toolkit with Chisel tunneling for multiple Linux architectures, it drops a hidden binary at /var/tmp/.xs and assigns each Sliver beacon a SOCKS5 port derived from an MD5 of its UUID. A deployer script runs an SMTP 'quality gate' that probes outbound connectivity to smtp.gmail.com:587; hosts that cannot relay email are discarded. A C2-side Python daemon continuously re-checks the Chisel tunnels for SMTP capability and prunes those that fail. Around 230 servers were compromised.
- Check: Hunt cloud Linux hosts for /var/tmp/.xs, Sliver and Chisel binaries, and outbound SMTP probes to smtp.gmail.com:587. Check for cron or systemd persistence. Apply SentinelOne and Hunt.io IoCs.
- Affected: Internet-reachable cloud servers (AWS, Google Cloud, Azure) that attackers can compromise and that have outbound SMTP capability, the criterion PCPJack uses to select hosts for its relay network.
- Fix: Block unneeded outbound SMTP (ports 587/25) from cloud workloads. Remove Sliver/Chisel artifacts and persistence. Restrict egress, monitor for SOCKS5 tunneling, and rotate credentials on affected hosts.
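As an added example, not code from SentinelOne's or Hunt.io's reporting, the following POSIX shell hunt checks a Linux host (or a mounted image rooted at the directory passed as the first argument) for the file, cron and systemd indicators listed under Check, and separately for live TCP/587 sessions and suspicious listeners. The cron and systemd paths are assumed standard Linux locations, and the `chisel`/`sliver` name matches are coarse heuristics whose hits need manual review.

```shell
#!/bin/sh
# Host-side hunt for the PCPJack indicators described above.
# ROOT (first argument) lets the checks run against a mounted image or a test tree.

# Print one line per file-system indicator found under ROOT (empty ROOT = live host).
pcpjack_fs_findings() {
    root="${1:-}"
    # 1. The hidden dropper path reported for PCPJack.
    if [ -f "$root/var/tmp/.xs" ]; then
        echo "file:/var/tmp/.xs present"
    fi
    # 2. cron persistence referencing the hidden binary or Sliver/Chisel tooling.
    for f in "$root"/etc/crontab "$root"/etc/cron.d/* \
             "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
        [ -f "$f" ] || continue
        if grep -Eq '/var/tmp/\.xs|chisel|sliver' "$f" 2>/dev/null; then
            echo "cron:${f#"$root"} references PCPJack tooling"
        fi
    done
    # 3. systemd persistence: units whose ExecStart points at the indicators.
    for f in "$root"/etc/systemd/system/*.service "$root"/lib/systemd/system/*.service; do
        [ -f "$f" ] || continue
        if grep -Eq '^ExecStart=.*(/var/tmp/\.xs|chisel|sliver)' "$f" 2>/dev/null; then
            echo "systemd:${f#"$root"} references PCPJack tooling"
        fi
    done
    return 0
}

# Number of file-system findings, for use in scripts and alerts.
pcpjack_fs_count() {
    pcpjack_fs_findings "$1" | wc -l | tr -d ' '
}

# Live network check (run on the host itself, needs the ss utility):
# established sessions to TCP/587, the port PCPJack's quality gate probes on
# smtp.gmail.com, plus local listeners owned by processes with indicator names
# (candidate Sliver SOCKS5 ports).
pcpjack_net_findings() {
    command -v ss >/dev/null 2>&1 || { echo "ss not available"; return 0; }
    ss -tnp state established 2>/dev/null | awk 'NR>1 && $4 ~ /:587$/ {print "net:outbound-587 " $0}'
    ss -tlnp 2>/dev/null | grep -E '\.xs|chisel|sliver' | sed 's/^/net:listener /'
    return 0
}
```

Run `pcpjack_fs_findings` with no argument and `pcpjack_net_findings` on a suspect host; any output is a lead to triage, not a confirmed compromise by itself.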