A recent cyberattack has compromised the official Checkmarx KICS Docker Hub repository, allowing malicious actors to inject harmful code. This breach, aimed at the supply chain, resulted in the deployment of altered images that can extract sensitive developer credentials and infrastructure secrets.
Discovery and Investigation
On April 22, 2026, Docker’s internal surveillance detected unusual activity related to KICS image tags, leading to an alert to Socket researchers. The ensuing investigation exposed that attackers had tampered with existing tags like v2.1.20 and alpine, and introduced a new v2.1.21 tag absent from legitimate releases.
The compromised tags, including v2.1.20-debian, v2.1.20, debian, alpine, and latest, have since been restored to their original, legitimate versions. KICS, an open-source tool for scanning infrastructure code for security issues, is widely used in CI/CD processes, making it an attractive target for attackers.
Malware Capabilities and Impact
The analysis of the tampered KICS images revealed modifications in the bundled ELF binary, originally written in Golang. These changes introduced unauthorized telemetry and data exfiltration features, absent in the authentic version.
The malware’s functionality included generating uncensored infrastructure-as-code scan reports, encrypting them, and secretly dispatching them to a server at https://audit.checkmarx[.]cx/v1/telemetry. Organizations utilizing the affected images are advised to consider any exposed secrets or credentials as compromised.
The malicious binary shared a Command and Control server address with a JavaScript payload known as mcpAddon.js, indicating a coordinated attack framework.
Broader Implications and Response
Further investigation revealed the attack extended beyond Docker Hub, affecting Checkmarx’s VS Code and Open VSX extensions, specifically cx-dev-assist versions 1.17.0 and 1.19.0, and ast-results versions 2.63.0 and 2.66.0. These extensions downloaded a second-stage payload, mcpAddon.js, executing it without user consent.
The mcpAddon.js file, a heavily obfuscated JavaScript bundle, acted as a credential stealer, harvesting various tokens and credentials. It also manipulated GitHub Actions workflows to exfiltrate secrets and republished writable npm packages, exacerbating the supply chain threat.
The hacking group TeamPCP claimed responsibility for the attack, continuing their pattern of targeting Checkmarx’s infrastructure.
Security Measures and Recommendations
In response to the breach, security teams should immediately remove all affected Docker images, VS Code extensions, and GitHub Actions from their systems. Rotating all credentials and auditing repositories for unauthorized changes are crucial steps.
Monitoring for connections to 94[.]154[.]172[.]43 or audit.checkmarx[.]cx, and verifying Docker image references with SHA256 digests are recommended to mitigate further risks.
As the situation evolves, Socket continues to collaborate with Checkmarx in updating technical analyses and ensuring the integrity of restored tags.
