CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin
Dog-eat-dog world for credential-stealing attackers
security
CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin
Dog-eat-dog world for credential-stealing attackers
EXCLUSIVE There's no honor among thieves as a new worm steals from other infectious software. It pilfers “multiple” victims’ credentials and mines for cryptocurrency while killing competitors’ processes, including similar secret-harvesting malware.
It’s called Cloud AI Infrastructure Attack Framework (CAI), and it’s a centralized botnet that targets cloud-native developer tools like Docker, Kubernetes, Redis, etcd, Kubelet, and Ray for credential theft and cryptomining.
The scripts “are heavily inspired” by the likes of other similar credential-stealing worms that have wreaked havoc across cloud environments and supply chains this year, “using code comments like ‘PCPJack-aligned,’” according to security researcher Michael R.
“CAI explicitly seeks out and kills TeamPCP and PCPJack processes, to further monopolize on compromised targets,” he posted on X.
TeamPCP is the malware-developing crew behind the mini Shai-Hulud, Miasma, and Canister worms that have been poisoning open source registries and harvesting cloud access tokens, credentials, API keys, and other sensitive data since the Trivy supply-chain attack earlier this year.
And PCPJack is a newer secret-stealing copycat worm that not only nabs credentials, but also deletes TeamPCP artifacts to kick that competitor out of victims’ cloud infrastructure.
CAI seems to have taken lessons from both.
“CAI is a constantly evolving framework meant to rival toolkits utilized by TeamPCP and PCPJack,” Hunt.io threat researcher Michael Rippey told The Register.
Hunt.io’s team was the first to spot CAI on June 15, when it observed the first of three open directories via the security shop’s web-scanning engine, AttackCapture, that were linked to the operator.
“Over three weeks, the operator moved from testing worm code mimicking TTPs used by PCPJack, to full production, deployment and compromise of networks,” Rippey said. “The codebase shows signs of LLM-assisted development, reflecting a deliberate progression of someone studying what works to build a competitive platform.”
While the malware isn’t “overly sophisticated,” it is effective, with recent command-and-control logs confirming “active exploitation attempts, with wallet activity confirming multiple successful compromises,” Rippey said.
CAI’s framework consists of a “scanning engine [that] feeds targets into automated exploit queues, with centralized C2 control coordinating attacks across cloud infrastructure with an emphasis on Docker, Redis, etcd, Kubelet, and more,” he added.
“Currently, compromised hosts receive miners, credential stealers, and a Python backdoor,” Rippey said. “CAI’s emergence alongside TeamPCP and PCPJack indicates a growing number of competing threat actors targeting each other and cloud infrastructure.”
Defenders and developers alike should take note, as we’ve already seen the damage that these new-ish cloud worms leave in their wake as they burrow across supply chains. Plus, it’s unlikely that this will be the last of the miscreants seeking to monetize companies’ cloud infrastructure and developers’ secrets.®
Originally published on The Register


