CAI Cloud Worm Steals Credentials, Kills Rival TeamPCP and PCPJack Malware
- New Threat: Cloud AI Infrastructure Attack Framework is a centralized botnet worm targeting cloud-native developer tools.
- Malware Rivalry: Reports say it kills competitor processes TeamPCP and PCPJack to monopolize compromised hosts.
- Active Exploitation: Command-and-control logs and wallet activity confirm multiple successful compromises.
Cloud AI Infrastructure Attack Framework (CAI), a new cloud worm, is stealing credentials, mining cryptocurrency, and eliminating rival malware from infected systems. On compromised hosts, the framework deploys cryptominers, credential stealers, and a Python backdoor.
CAI Targets Cloud-Native Developer Tools
CAI operates as a centralized botnet that targets cloud-native developer tools, Hunt.io threat researcher Michael Rippey said on Sunday, cited by The Register. Credential theft and cryptomining targets include:
- Docker,
- Kubernetes,
- Redis,
- Ray Dashboards.
Its scanning engine feeds targets into automated exploit queues, while centralized command-and-control (C2) infrastructure coordinates attacks across cloud environments.
CAI was exposed via an open directory, Rippey said. Pivoting on an SSH key comment uncovered two additional nodes – one recently identified by Yusuf Can Çakır and the other first observed by Hunt.io.
Rapid Development
Over three weeks, the operator moved from testing worm code that mimicked PCPJack's tactics, techniques, and procedures to full production deployment and network compromise.
This was a single operator across three IPs, using two different Monero wallets, both of which see daily activity.
The researcher said the codebase shows signs of LLM-assisted development, reflecting a deliberate progression by someone studying what works to build a competitive platform. C2 logs confirm active exploitation attempts, with wallet activity verifying multiple successful compromises.
CAI Worm Eliminates TeamPCP and PCPJack
CAI explicitly seeks out and kills the processes of competing malware to monopolize compromised targets. It specifically hunts infostealing operations TeamPCP and PCPJack, with the latter seen targeting TeamPCP victims in early May.
The worm's scripts are "heavily inspired" by both, using code comments such as "PCPJack-aligned." Rippey described CAI as a constantly evolving framework built to rival the toolkits used by TeamPCP and PCPJack.
In earlyJune, researchers said PCPJack hijacked 230 AWS, Google Cloud, and Azure servers for SMTP relay abuse. Meanwhile in May, GitHub said it investigated the 4,000-repository breach claimed by TeamPCP, which also alleged to have compromised Mistral AI breach and the Checkmarx Jenkins AST plugin.






