Trivy Hack Spreads Infostealer via Docker, Expands Into Worm and Kubernetes Wiper Threat

The ongoing supply chain attack involving the widely used Trivy security scanner has escalated further, with researchers uncovering the distribution of credential-stealing malware through malicious Docker images. The compromised images, published on Docker Hub, contained an infostealer linked to the same campaign that previously targeted Trivy’s GitHub Actions and software packages.
According to the researchers' findings, specific Docker image versions—0.69.4, 0.69.5, and 0.69.6—were maliciously modified and pushed to Docker Hub without corresponding official releases, a mismatch that indicates unauthorized tampering. These versions embedded a payload associated with the “TeamPCP” threat group, which has been actively exploiting cloud-native environments.
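The indicator described above, registry tags with no matching upstream release, can be checked mechanically. The following is an added example, not code from the article or from the Trivy project: it assumes the tag lists have already been fetched (for instance from the Docker Hub tags API and the GitHub releases API) and uses constructed sample lists in their place.

```python
"""Flag registry image tags that have no corresponding upstream release.

Added example; the tag lists below are constructed samples, not live data.
"""
import re

# Exact semantic-version tags, with or without a leading "v" (GitHub releases
# are often tagged "v0.69.3" while the registry tag reads "0.69.3").
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def normalise(tag: str):
    """Return (major, minor, patch) for an exact version tag, else None.

    Floating tags such as "latest" or "0.69" cannot be tied to a single
    release by name alone, so they are reported rather than silently skipped.
    """
    match = SEMVER.match(tag)
    return tuple(int(part) for part in match.groups()) if match else None


def unreleased_tags(registry_tags, release_tags):
    """Return (suspicious, unverifiable).

    suspicious:   exact version tags in the registry with no matching release,
                  the pattern the article describes for 0.69.4 to 0.69.6.
    unverifiable: floating tags; resolve their digest and compare separately.
    """
    released = {v for v in (normalise(t) for t in release_tags) if v}
    suspicious, unverifiable = [], []
    for tag in registry_tags:
        version = normalise(tag)
        if version is None:
            unverifiable.append(tag)
        elif version not in released:
            suspicious.append(tag)
    return sorted(suspicious), sorted(unverifiable)


# Constructed sample: the registry carries the three tags named in the article,
# while the release list only goes up to 0.69.3 (a made-up prior release).
SAMPLE_REGISTRY_TAGS = ["latest", "0.69", "0.69.3", "0.69.4", "0.69.5", "0.69.6"]
SAMPLE_RELEASE_TAGS = ["v0.69.2", "v0.69.3"]

if __name__ == "__main__":
    bad, floating = unreleased_tags(SAMPLE_REGISTRY_TAGS, SAMPLE_RELEASE_TAGS)
    print("tags with no matching release:", bad)
    print("floating tags to check by digest:", floating)
```

A tag that passes this check is only consistent with a release, not proven identical to it; pinning by digest remains the stronger control.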
The attack builds on an earlier compromise in which attackers used stolen credentials to inject malware into trusted Trivy components. The infostealer is designed to extract sensitive data such as authentication tokens and secrets from developer environments, particularly within CI/CD pipelines and containerized workflows.
The breach has had cascading effects across the software ecosystem. Stolen credentials have been leveraged to compromise dozens of npm packages, enabling the spread of a self-propagating worm known as “CanisterWorm.” This malware can automatically infect new systems by harvesting tokens and redistributing malicious code, significantly increasing the scale and speed of the attack.
In a further escalation, researchers identified destructive capabilities linked to the campaign. A newly discovered payload can spread laterally via SSH keys and exposed Docker APIs, while also deploying a wiper targeting Kubernetes environments. In certain cases, the malware has been observed wiping entire systems by deleting data and forcing reboots, highlighting the transition from espionage to potential sabotage.
The attackers are believed to have gained access through a compromised service account token, which provided administrative control across multiple GitHub environments. This single point of failure enabled widespread repository tampering and malware distribution within minutes, demonstrating the risks associated with long-lived credentials and interconnected systems.
Security experts warn that the attack is still evolving and could continue to impact organizations using affected versions of Trivy or related tools. Developers and enterprises are being urged to avoid compromised versions, rotate all credentials, secure exposed infrastructure, and treat recent executions of the tool as potentially compromised. The incident underscores the growing sophistication of supply chain attacks and the increasing focus of threat actors on exploiting trusted developer tools to infiltrate large-scale environments.