Malicious Docker Images And VS Code Extensions Compromise Checkmarx Supply Chain

Cybersecurity researchers have uncovered a significant supply chain security incident involving malicious Docker images and Visual Studio Code extensions linked to Checkmarx developer tooling. According to security firm Socket, attackers compromised the official checkmarx/kics Docker Hub repository by overwriting existing image tags such as v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to any official release. The repository has since been archived as investigations continue into the scope of the compromise.

Analysis of the compromised Docker images shows that the bundled KICS binary was altered to include unauthorized data collection and exfiltration features not present in legitimate versions. The modified version of the tool is capable of generating scan reports, encrypting them, and transmitting them to external endpoints controlled by threat actors. Since KICS is commonly used to scan infrastructure-as-code files such as Terraform, CloudFormation, and Kubernetes configurations, the risk is significant, as these environments often contain sensitive credentials, tokens, and internal configuration data. Researchers warned that organizations using these images may have unknowingly exposed critical infrastructure secrets during routine scanning operations.

Further investigation revealed that the compromise extends beyond Docker images and affects Checkmarx developer tooling distributed through Microsoft Visual Studio Code extensions. Several extensions were found to contain malicious code capable of downloading and executing remote JavaScript components via the Bun runtime without user approval or integrity validation. Affected versions include cx-dev-assist 1.17.0 and 1.19.0 and ast-results 2.63.0 and 2.66.0, with evidence showing that version 1.18.0 had the malicious logic removed. The malicious functionality was delivered through a file named mcpAddon.js, which was disguised as a Model Context Protocol-related feature but instead acted as a credential-harvesting module.

Researchers reported that the attack involved a backdated commit injected into the Checkmarx GitHub repository, designed to appear legitimate by mimicking a change authored in 2022. This commit introduced a large module that enabled multi-stage credential theft across developer environments. The malware is capable of collecting GitHub authentication tokens, AWS credentials, Microsoft Azure tokens, Google Cloud authentication data, npm configuration files, SSH keys, environment variables, and additional configuration data tied to AI and MCP systems. The stolen information is then compressed, encrypted, and exfiltrated either to attacker-controlled GitHub repositories or to a command-and-control endpoint hosted at audit.checkmarx.cx/v1/telemetry. At least fifty-one repositories have been identified containing the phrase Checkmarx Configuration Storage, indicating a broad effort to aggregate stolen data across multiple victims.

The attack chain demonstrates advanced propagation techniques beyond simple credential theft. Compromised GitHub tokens are used to create new repositories and inject malicious GitHub Actions workflows that extract CI/CD secrets during automated execution. These workflows are designed to activate on push events, after which they delete themselves to reduce detection. The attackers also target npm credentials, identifying writable packages and republishing them with malicious payloads, effectively turning compromised developer access into a distribution channel for further infection. Researchers noted repository naming patterns such as gesserit-melange-813 and prescient-sandworm-556, with the earliest observed creation occurring on April 22, 2026.

Security analysts have linked the activity to a threat actor known as TeamPCP, which has previously targeted Checkmarx infrastructure in earlier incidents involving GitHub Actions workflows. The group has also been associated with broader supply chain attacks affecting multiple development ecosystems. The latest operation appears designed not only to extract sensitive data but also to transform compromised CI/CD pipelines into ongoing propagation mechanisms, expanding the impact across developer environments and cloud infrastructure.

Organizations using affected Checkmarx Docker images or VS Code extensions have been advised to assume potential compromise. Recommended actions include removing affected components from all environments, rotating exposed credentials such as GitHub tokens, cloud keys, SSH keys, and CI/CD secrets, auditing GitHub repositories for unauthorized workflows or branches, reviewing npm package activity for unauthorized publishing, and examining cloud access logs for unusual authentication behavior. Checkmarx has been contacted for further clarification while investigations into the full extent of the compromise remain ongoing.
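
The audit steps above can be run against an inventory using only the indicators quoted in this article. The following is an added example, not code from Socket or Checkmarx; the `word-word-NNN` repository-name pattern and the `example` publisher in the sample input are assumptions.

```python
import re

# Indicators quoted in the article above.
BAD_EXTENSIONS = {"cx-dev-assist": {"1.17.0", "1.19.0"},
                  "ast-results": {"2.63.0", "2.66.0"}}
KICS_IMAGE = "checkmarx/kics"
NAMED_TAGS = {"v2.1.20", "v2.1.21", "alpine"}
C2_HOST = "audit.checkmarx.cx"
REPO_MARKER = "checkmarx configuration storage"
# Assumption: word-word-NNN generalises the two repository names the article quotes.
REPO_NAME_RE = re.compile(r"^[a-z]+-[a-z]+-\d{3}$")

def check_extensions(lines):
    """lines: `code --list-extensions --show-versions` output (publisher.name@version)."""
    hits = []
    for line in lines:
        ident, _, version = line.strip().partition("@")
        name = ident.split(".", 1)[-1].lower()  # drop the publisher prefix
        if version in BAD_EXTENSIONS.get(name, ()):
            hits.append(f"{name}@{version}")
    return hits

def check_images(refs):
    """Flag every reference to the image; tags were overwritten, so no tag is trusted."""
    hits = []
    for ref in refs:
        name, _, digest = ref.strip().partition("@")
        head, _, last = name.rpartition("/")
        base, _, tag = last.partition(":")
        repo = f"{head}/{base}" if head else base
        if repo != KICS_IMAGE and not repo.endswith("/" + KICS_IMAGE):
            continue
        reason = ("digest-pinned, verify digest" if digest
                  else "tag named in report" if (tag or "latest") in NAMED_TAGS
                  else "mutable tag")
        hits.append((ref.strip(), reason))
    return hits

def check_repos(repos):
    """repos: dicts with 'name' and 'description' from an org or user repository listing."""
    return [r["name"] for r in repos if REPO_NAME_RE.match(r["name"])
            or REPO_MARKER in (r.get("description") or "").lower()]

def check_egress(log_lines):
    """Return proxy or DNS log lines that mention the reported exfiltration host."""
    return [line for line in log_lines if C2_HOST in line.lower()]

if __name__ == "__main__":  # constructed sample inventory
    print(check_extensions(["example.cx-dev-assist@1.19.0", "example.ast-results@2.64.0"]))
    print(check_images(["checkmarx/kics:alpine", "alpine:3.19"]))
```

A name-pattern hit from `check_repos` is a lead for manual review, since ordinary repositories can match the same shape.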
