Checkmarx KICS Docker Image Compromised to Inject Malware
Key Takeaways A sophisticated supply chain attack targeted Checkmarx’s KICS Docker images and VS Code extensions. Threat actors injected malware designed to steal developer credentials, cloud...
Key Takeaways
- A sophisticated supply chain attack targeted Checkmarx’s KICS Docker images and VS Code extensions.
- Threat actors injected malware designed to steal developer credentials, cloud secrets, and API keys.
- The compromise led to the exfiltration of sensitive Infrastructure as Code (IaC) scan reports and potential abuse of GitHub and npm tokens for further supply chain attacks.
- Affected components include specific KICS Docker image tags and Checkmarx VS Code extensions (
cx-dev-assistandast-results). - Immediate action is required to remove compromised assets, rotate credentials, and audit systems for indicators of compromise.
A significant supply chain attack has been uncovered, impacting the official checkmarx/kics Docker Hub repository and several Checkmarx VS Code extensions. Threat actors successfully pushed malicious images and extension versions, which were engineered to harvest and exfiltrate sensitive developer credentials and infrastructure secrets from compromised environments.
Table Of Content
The incident came to light on April 22, 2026, when Docker’s internal monitoring systems detected unusual activity surrounding KICS image tags. This triggered an immediate alert to researchers at Socket, who initiated a comprehensive investigation.
The probe revealed that attackers had tampered with existing Docker image tags, specifically overwriting v2.1.20 and alpine. Additionally, a new, unauthorized tag, v2.1.21, was introduced, which lacked any corresponding legitimate upstream release. The full list of affected tags included v2.1.20-debian, v2.1.20, debian, alpine, and latest. All compromised tags have since been reverted to their original, legitimate versions.
KICS, an acronym for Keeping Infrastructure as Code Secure, is a widely adopted open-source tool. It plays a crucial role for DevOps and security teams by scanning Infrastructure as Code (IaC) configurations—such as Terraform, CloudFormation, and Kubernetes—for potential security misconfigurations. Its extensive integration into continuous integration/continuous delivery (CI/CD) pipelines made it a prime target for supply chain attackers seeking broad impact.
Trojanized Binaries and Credential Exfiltration
Forensic analysis of the tainted KICS Docker images exposed a modified ELF binary, written in Golang. This altered binary contained unauthorized telemetry and data exfiltration capabilities, features entirely absent from the authentic version of the tool.
The embedded malware was designed to generate unredacted IaC scan reports, encrypt them, and then covertly transmit the results to an attacker-controlled external endpoint located at https://audit.checkmarx[.]cx/v1/telemetry. Organizations that utilized these compromised images to scan their IaC files must consider any exposed secrets, cloud credentials, or API keys as potentially compromised.
Intriguingly, the malicious binary shared its Command and Control (C2) server address with a separate JavaScript payload identified as mcpAddon.js. This common C2 infrastructure suggests a coordinated, multi-component attack strategy deployed by the threat actors.
VS Code Extensions Also Compromised
As Socket researchers broadened their investigation, the scope of the compromise extended beyond Docker Hub. Trojanized versions of Checkmarx’s VS Code and Open VSX extensions were also discovered. Specifically, affected versions included cx-dev-assist 1.17.0 and 1.19.0, and ast-results 2.63.0 and 2.66.0.
Upon activation, these compromised extensions surreptitiously downloaded a second-stage payload, mcpAddon.js, from a hardcoded GitHub URL. This URL pointed to an orphaned, backdated commit (68ed490b) within the official Checkmarx repository. The payload was then executed using the Bun runtime, bypassing user consent and integrity verification checks.
The mcpAddon.js file, a heavily obfuscated JavaScript bundle weighing approximately 10MB, functioned as a full-featured credential stealer. It systematically harvested GitHub authentication tokens, AWS credentials, Azure and Google Cloud tokens, npm configuration files, SSH keys, and environment variables. The collected data was then compressed, encrypted, and exfiltrated to the attacker’s endpoint.
The malware’s capabilities extended beyond mere credential theft. Leveraging stolen GitHub tokens, it injected malicious GitHub Actions workflows (.github/workflows/format-check.yml) into repositories where the victim possessed write access. This workflow exploited ${{ toJSON(secrets) }} to serialize and exfiltrate the entire secrets context of each targeted repository as a downloadable artifact. Furthermore, stolen npm tokens were abused to identify and republish writable packages, facilitating downstream supply chain propagation across the npm ecosystem.
The threat actor group “TeamPCP” appears to be claiming responsibility for the attack. Their account on X posted taunting messages after the story broke, stating, “Thank you OSS distribution for another very successful day at PCP inc.” This behavior is consistent with TeamPCP’s previous campaign in March 2026, which also involved compromising Checkmarx GitHub Actions and OpenVSX plugins in a broader supply chain attack targeting Trivy and LiteLLM.
What You Should Do
- Remove and Replace: Immediately remove all affected KICS Docker images, VS Code extensions, and GitHub Actions from developer systems and CI/CD pipelines. Replace them with verified, legitimate versions.
- Rotate Credentials: Promptly rotate all GitHub tokens, npm tokens, cloud credentials (AWS, Azure, GCP), SSH keys, and any other CI/CD secrets that were exposed to environments utilizing the compromised components.
- Audit GitHub Repositories: Conduct a thorough audit of GitHub repositories for unauthorized workflow files (e.g.,
.github/workflows/format-check.yml), unexpected branch creation, suspicious artifact downloads, and public repositories matching the pattern<word>-<word>-<3 digits>with the description “Checkmarx Configuration Storage.” - Hunt for Indicators of Compromise (IoCs): Actively hunt for outbound connections to
94[.]154[.]172[.]43oraudit.checkmarx[.]cx. Look for unexpected execution of the Bun runtime and unauthorized access attempts to.npmrc,.envfiles, or cloud credential stores. - Pin Docker Images: As a best practice, always pin Docker image references to specific SHA256 digests rather than relying on mutable tags (e.g.,
latest,alpine) to prevent similar supply chain attacks.
Socket has shared its findings with the Checkmarx security team, and the Docker repository has been archived, with all affected tags restored to verified legitimate releases. Socket continues to provide updated technical analysis as the investigation progresses.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.