PCPJack turns 230 cloud servers into covert SMTP relays
PCPJack hijacked 230 business servers on AWS, Google Cloud and Azure across the U.S., Europe and Asia and converted them into a covert SMTP relay network.
Security researchers recovered files from an unauthenticated command-and-control server and found evidence that the threat actor known as PCPJack converted 230 compromised business servers on Amazon Web Services, Google Cloud and Microsoft Azure into a covert SMTP relay network across the U.S., Europe and Asia.
Investigators accessed two open directories on the C2 host at 213.136.80.73 and recovered source code, compiled binaries, deployment logs, internet scanners, exploitation tooling and a live Sliver configuration. The recovered files show an actively running relay pipeline and deployment state records for infected cloud hosts.
The toolkit on the server combined a Sliver-integrated SMTP proxy deployment package with Chisel tunneling and proxy binaries built for AMD64, ARM64 and x86 Linux systems. On victim machines the relay binary was dropped as a hidden dotfile at /var/tmp/.xs, a world-writable directory that, unlike /tmp on many distributions, is preserved across reboots, and a name that does not show up in a plain directory listing. Deployer scripts loaded Sliver C2 client configurations, filtered for Linux beacons that had checked in within the previous ten minutes and provisioned a SOCKS5 proxy port for each beacon.
Each implant received a deterministic SOCKS5 port calculated from an MD5 hash of its Sliver UUID and mapped into the 10000–14999 range so the same implant consistently appeared on the same port. The deployment pipeline included an SMTP quality gate that probed outbound access to smtp.gmail.com:587; hosts that failed that check were skipped. Early scripts processed beacons in batches of 50 with waits to accommodate slow check-ins; later versions removed the SMTP gate and batching logic.
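The beacon selection, per-implant port derivation and SMTP gate described above, reconstructed as an added example in Python. This is not code recovered from the C2 server: the page says only that the port is an MD5 hash of the Sliver UUID mapped into 10000–14999, so the exact reduction (full digest as an integer, modulo 5000) is an assumption, and the beacon records, timestamps and the injectable `smtp_probe` callback are constructed stand-ins for the Sliver client API and the live smtp.gmail.com:587 check.

```python
import hashlib
from datetime import datetime, timedelta, timezone

PORT_BASE = 10000
PORT_SPAN = 5000  # covers 10000..14999 inclusive, the range reported on the page


def socks_port_for_uuid(beacon_uuid: str) -> int:
    """Deterministic SOCKS5 port for a Sliver beacon UUID.

    ASSUMPTION: the page states "MD5 of the UUID mapped into 10000-14999"
    but not how the digest is reduced; here the whole digest is read as an
    integer and reduced modulo 5000. Any fixed reduction gives the same
    property the operator wanted: one UUID always lands on one port.
    """
    digest = hashlib.md5(beacon_uuid.encode("utf-8")).hexdigest()
    return PORT_BASE + int(digest, 16) % PORT_SPAN


def select_linux_beacons(beacons, now, max_age=timedelta(minutes=10)):
    """Deployer filter: Linux beacons whose last check-in is within max_age."""
    return [b for b in beacons
            if b["os"] == "linux" and now - b["last_checkin"] <= max_age]


def batched(items, size=50):
    """Yield fixed-size batches, as the early deployer scripts did (50 per batch)."""
    for i in range(0, len(items), size):
        yield items[i:i + size]


def plan_deployment(beacons, now, smtp_probe=None, batch_size=50):
    """Return batches of (uuid, socks_port) for eligible beacons.

    smtp_probe(uuid) -> bool stands in for the SMTP quality gate that probed
    outbound access to smtp.gmail.com:587; passing None models the later
    script versions that dropped the gate entirely.
    """
    eligible = select_linux_beacons(beacons, now)
    if smtp_probe is not None:
        eligible = [b for b in eligible if smtp_probe(b["uuid"])]
    return [[(b["uuid"], socks_port_for_uuid(b["uuid"])) for b in batch]
            for batch in batched(eligible, batch_size)]


# Constructed sample beacon records (not recovered data) for a local run.
SAMPLE_NOW = datetime(2026, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_BEACONS = [
    {"uuid": "beacon-linux-recent", "os": "linux",
     "last_checkin": SAMPLE_NOW - timedelta(minutes=2)},
    {"uuid": "beacon-windows-recent", "os": "windows",
     "last_checkin": SAMPLE_NOW - timedelta(minutes=1)},
    {"uuid": "beacon-linux-9min", "os": "linux",
     "last_checkin": SAMPLE_NOW - timedelta(minutes=9)},
    {"uuid": "beacon-linux-stale", "os": "linux",
     "last_checkin": SAMPLE_NOW - timedelta(minutes=30)},
]

if __name__ == "__main__":
    for batch in plan_deployment(SAMPLE_BEACONS, SAMPLE_NOW):
        for uuid, port in batch:
            print(f"{uuid:24s} -> socks5 port {port}")
```

For a defender the useful direction is the reverse one: a Sliver beacon UUID recovered from memory or a dropped config can be hashed the same way to predict which proxy port the operator expected that host to answer on, which helps tie a listener or tunnel observed on the C2 side back to a specific victim.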
A diagnostic script checked for Chisel binaries and processes, available disk space, reachability of port 9000 on the C2 server and persistence artifacts such as cron entries or systemd services. The C2 host ran a Python daemon, chisel_verifier.py, that enumerated active Chisel tunnel ports every 60 seconds, tested each new port for SMTP capability and removed failed tunnels from the pool. Verified proxy endpoints were enriched with exit IP address, country and autonomous system number using api.ipify.org and ip-api.com.
Verified proxy lists were synced every five minutes via scp (Secure Copy Protocol) to a downstream consumer server at 38.242.204.245; that server was not accessible when researchers reviewed the data. The recovered records corresponded to a 230-node relay network actively being updated and consumed at regular intervals. Hunt.io reported, “The infrastructure was still running when we found it.” Hunt.io also noted that the SMTP gate limited the pipeline to hosts capable of relaying mail.
PCPJack was first flagged in April 2026 when SentinelOne identified a cloud-targeting credential-theft framework that attempted to remove artifacts linked to TeamPCP. Investigators could not determine from the files whether the 230-node outcome reflected a single operator iterating on the toolset or multiple actors sharing the same infrastructure. Researchers recommend that security teams check cloud-hosted business servers for hidden binaries such as /var/tmp/.xs, unexpected Chisel tunnels and processes, cron or systemd persistence they did not create, and unusual outbound SMTP activity, particularly to port 587.
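A host triage check covering those recommendations, written here as an added example rather than anything from the report or the recovered tooling. It parses the output a responder would collect from `ss -tnp`, `ps -eo pid,comm,args` and the crontab, and flags the indicators the page describes: a hidden binary under /var/tmp, a Chisel process, cron persistence, an outbound SMTP connection from a non-mail process, and a connection to port 9000 (the Chisel server port the diagnostic script tested). The sample tool output below is constructed, the peer address 203.0.113.25 stands in for a mail provider, and the MTA allowlist is an assumption to keep a real Postfix delivery agent from being flagged.

```python
import os.path
import re

HIDDEN_DROP_PATHS = {"/var/tmp/.xs"}      # drop path reported on the page
SMTP_PORTS = {25, 465, 587}
CHISEL_SERVER_PORT = 9000                  # port the recovered diagnostic script probed on the C2
# ASSUMPTION: process names of legitimate MTAs that may open outbound SMTP.
MAIL_DAEMONS = {"smtp", "master", "exim4", "sendmail", "qmail-remote"}

SS_RE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<raddr>\S+):(?P<rport>\d+)\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)')


def parse_ss(text):
    """Parse `ss -tnp` lines into dicts; header and non-matching lines are dropped."""
    conns = []
    for line in text.splitlines():
        m = SS_RE.match(line.strip())
        if m:
            d = m.groupdict()
            for k in ("lport", "rport", "pid"):
                d[k] = int(d[k])
            conns.append(d)
    return conns


def parse_ps(text):
    """Parse `ps -eo pid,comm,args` output; the header row has a non-numeric PID."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            procs.append({"pid": int(parts[0]), "comm": parts[1], "args": parts[2]})
    return procs


def triage(ss_text, ps_text, cron_text):
    """Return (rule, detail) findings for the PCPJack indicators on one host."""
    findings, flagged_pids = [], set()
    for p in parse_ps(ps_text):
        exe = p["args"].split()[0]
        in_scratch = exe.startswith(("/var/tmp/", "/tmp/", "/dev/shm/"))
        if exe in HIDDEN_DROP_PATHS or (in_scratch and os.path.basename(exe).startswith(".")):
            findings.append(("hidden_binary", f"pid {p['pid']} running {exe}"))
            flagged_pids.add(p["pid"])
        if "chisel" in p["comm"].lower() or "chisel" in p["args"].lower():
            findings.append(("chisel_process", f"pid {p['pid']}: {p['args']}"))
            flagged_pids.add(p["pid"])
    for c in parse_ss(ss_text):
        if c["state"] != "ESTAB":
            continue
        peer = f"{c['raddr']}:{c['rport']}"
        if c["rport"] in SMTP_PORTS and c["proc"] not in MAIL_DAEMONS:
            findings.append(("outbound_smtp", f"pid {c['pid']} ({c['proc']}) -> {peer}"))
        # Port 9000 alone is a weak signal; only report it for an already-suspect process.
        if c["rport"] == CHISEL_SERVER_PORT and c["pid"] in flagged_pids:
            findings.append(("tunnel_port_9000", f"pid {c['pid']} ({c['proc']}) -> {peer}"))
    for line in cron_text.splitlines():
        if any(path in line for path in HIDDEN_DROP_PATHS) or "chisel" in line.lower():
            findings.append(("cron_persistence", line.strip()))
    return findings


# Constructed sample tool output (not a real capture) for a local run.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
ESTAB  0      0      10.0.0.5:43122      203.0.113.25:587    users:((".xs",pid=2134,fd=5))
ESTAB  0      0      10.0.0.5:51180      213.136.80.73:9000  users:((".xs",pid=2134,fd=3))
ESTAB  0      0      10.0.0.5:22         198.51.100.7:50022  users:(("sshd",pid=811,fd=4))
"""
SAMPLE_PS = """\
    PID COMMAND         COMMAND
    811 sshd            /usr/sbin/sshd -D
   1305 smtp            /usr/lib/postfix/sbin/smtp -t unix -u
   2134 .xs             /var/tmp/.xs
"""
SAMPLE_CRON = """\
0 3 * * * /usr/bin/certbot renew -q
@reboot /var/tmp/.xs >/dev/null 2>&1
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_SS, SAMPLE_PS, SAMPLE_CRON):
        print(f"[{rule}] {detail}")
```

On a live host the three inputs come from `ss -tnp`, `ps -eo pid,comm,args` and `crontab -l` plus the files under /etc/cron.d; systemd units should be checked the same way for an ExecStart pointing at the drop path. The port 9000 rule is deliberately gated on a process that already tripped another rule, since that port is common for legitimate services.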