Malicious KICS Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain
Cybersecurity researchers have raised alarms regarding a significant supply chain compromise involving malicious images uploaded to the official “checkmarx/kics” Docker Hub repository. This incident highlights vulnerabilities in software distribution channels that can have far-reaching implications for organizations relying on these tools for security assessments.
Overview of the Incident
In a recent alert, Socket, a software supply chain security company, disclosed that unidentified threat actors had overwritten existing tags in the Docker repository, including versions v2.1.20 and alpine. They also introduced a new tag, v2.1.21, which does not align with any official release. As of the latest updates, the Docker repository has been archived.
Socket’s analysis revealed that the compromised KICS binary was modified to incorporate data collection and exfiltration capabilities absent in the legitimate version. This malware can generate uncensored scan reports, encrypt them, and transmit them to external endpoints, posing a severe risk for teams using KICS to scan infrastructure-as-code files that may contain sensitive information.
Impact on Developer Tools
Further investigation into the incident has uncovered that related Checkmarx developer tools, particularly recent Microsoft Visual Studio Code (VS Code) extensions, may also have been compromised. These extensions reportedly contain malicious code designed to download and execute a remote addon via the Bun runtime.
The malicious behavior was identified in versions 1.17.0 and 1.19.0 of the affected extensions, while it was removed in version 1.18.0. The malware relied on a hard-coded GitHub URL to fetch and execute additional JavaScript without user consent or integrity verification.
Affected Extensions
The following Checkmarx extensions have been confirmed as compromised:
- checkmarx/cx-dev-assist@1.17.0
- checkmarx/cx-dev-assist@1.19.0
- checkmarx/ast-results@2.63.0
- checkmarx/ast-results@2.66.0
These extensions include a multi-stage credential theft and propagation component that activates upon extension use, downloading a file named “mcpAddon.js” from a GitHub URL. The naming suggests an attempt to disguise the malware as a benign Model Context Protocol (MCP) feature.
Technical Analysis of the Attack
The attack began with the injection of a backdated commit into the ‘Checkmarx/ast-vscode-extension’ repository. This commit was crafted to appear legitimate, spoofed to look like it originated in 2022 and attached to a real commit as its parent. However, it introduced a substantial file, approximately 10MB in size, named modules/mcpAddon.js.
This malicious file is capable of harvesting developer and cloud credentials, compressing and encrypting the results, and transmitting them to a public GitHub repository created within victim accounts using stolen GitHub access tokens. The data targeted includes:
- GitHub authentication tokens
- Amazon Web Services (AWS) credentials
- Microsoft Azure authentication tokens
- Google Cloud credential databases
- NPM configuration files
- SSH keys and configuration files
- Environment variables
- Claude and other MCP configuration files
The attack chain is designed not only to exfiltrate sensitive data but also to create new pathways for supply chain propagation. The malware can discover repositories configured with GitHub Actions secrets, create new branches for them, and inject a rogue workflow to extract CI/CD secrets during automated push events.
Broader Implications for Supply Chain Security
The evidence suggests that this incident is part of a broader supply chain compromise affecting multiple Checkmarx distribution channels. The threat actor, identified as TeamPCP, has been linked to previous attacks on Checkmarx, including a March 2026 incident that compromised two of Checkmarx’s GitHub Actions workflows to deploy a credential stealer.
To mitigate the threat, developers who have utilized the affected Checkmarx artifacts are advised to take immediate action. Recommended steps include:
- Removing the compromised extensions, actions, and container images from all developer systems and build environments.
- Rotating any exposed credentials, including GitHub tokens, npm tokens, cloud credentials, SSH keys, and CI/CD secrets.
- Reviewing GitHub for unauthorized repository creation and suspicious workflows.
- Auditing npm for unauthorized package publications.
- Monitoring access logs for unusual secret access, token usage, and newly issued credentials in cloud environments.
Organizations that have used the compromised KICS image to scan Terraform, CloudFormation, or Kubernetes configurations should treat any exposed secrets or credentials as likely compromised.
Conclusion
This incident underscores the critical importance of securing software supply chains and the potential consequences of vulnerabilities within widely used developer tools. As organizations increasingly rely on automated tools for security assessments, the need for vigilance and proactive measures becomes paramount.
For further details on this incident, refer to the original reporting source: The Hacker News.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
