\n
![](\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2025\/05\/malware-threat-1000x648.jpg\")
<\/p>\n
\n<\/p>\n
A brand new hacking group has been rampaging the Web in a persistent marketing campaign that spreads a self-propagating and never-before-seen backdoor\u2014and curiously a knowledge wiper that targets Iranian machines.<\/p>\n
The group, tracked below the identify TeamPCP, first gained visibility in December, when researchers from safety agency Flare noticed <\/a> it unleashing a worm that focused cloud-hosted platforms that weren\u2019t correctly secured. The target was to construct a distributed proxy and scanning infrastructure after which use it to compromise servers for exfiltrating knowledge, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its talent in large-scale automation and integration of well-known assault methods.<\/p>\n Extra lately, TeamPCP has waged a relentless marketing campaign that makes use of constantly evolving malware to convey ever extra techniques below its management. Late final week, it compromised<\/a> nearly all variations of the extensively used Trivy vulnerability scanner in a supply-chain assault after gaining privileged entry to the GitHub account of Aqua Safety, the Trivy creator.<\/p>\nRelentless and continuously evolving<\/h2>\n