A serious software supply chain attack has been uncovered targeting developer tools associated with Checkmarx. Security researchers warn that compromised Docker images and Visual Studio Code extensions were used to steal sensitive data and spread malware across development environments.
Poisoned Docker Images Discovered
According to findings from Socket, attackers managed to manipulate the official “checkmarx/kics” Docker Hub repository. They replaced legitimate image tags such as v2.1.20 and alpine, and even introduced a fake version labeled v2.1.21, which was never officially released.
The altered images contained a modified KICS binary embedded with hidden data collection and exfiltration functionality. Instead of performing only security scans, the malicious version could generate reports, encrypt them, and secretly transmit the data to external servers.
This creates a major risk for teams scanning infrastructure-as-code files, which often include sensitive credentials and configuration data.
Compromised VS Code Extensions
Further investigation revealed that developer tools connected to Checkmarx were also affected, particularly extensions available on Microsoft Visual Studio Code.
Malicious behavior was identified in specific versions of the extensions, where hidden code downloaded and executed additional payloads using the Bun runtime. This process occurred without user awareness or proper validation.
The impacted extensions include:
- cx-dev-assist versions 1.17.0 and 1.19.0
- ast-results versions 2.63.0 and 2.66.0
Multi-Stage Credential Theft Operation
The compromised extensions deployed a multi-step attack designed to steal and propagate credentials. Upon activation, a file named “mcpAddon.js” was downloaded from a remote repository. The naming was intended to disguise it as a legitimate Model Context Protocol component.
Attackers inserted a backdated commit into the source repository, making it appear trustworthy while secretly embedding a large malicious file. This allowed the malware to blend in with legitimate development updates.
Sensitive Data Targeted
The malware was capable of harvesting a wide range of sensitive information, including:
- GitHub authentication tokens
- AWS, Azure, and Google Cloud credentials
- NPM configuration files
- SSH keys and system configurations
- Environment variables
- AI-related configuration files
Collected data was compressed, encrypted, and uploaded to attacker-controlled repositories created using stolen GitHub credentials. Additionally, secrets were transmitted to a remote endpoint controlled by the attackers.
Advanced Propagation Techniques
The attack extended beyond simple data theft. Using stolen credentials, the malware:
- Created malicious GitHub repositories with structured naming patterns
- Injected rogue GitHub Actions workflows to capture CI/CD secrets
- Automatically triggered workflows to extract sensitive data
- Deleted traces of activity to avoid detection
In its final stage, the operation spread like a worm within the npm ecosystem. Attackers used stolen npm credentials to republish hundreds of packages embedded with malicious code, significantly expanding the attack’s reach.
Broader Supply Chain Impact
Researchers believe this incident is part of a larger campaign affecting multiple distribution channels. There are indications that the threat group known as TeamPCP may be behind the attack.
This is not the first time the group has targeted Checkmarx. A similar breach occurred earlier in 2026, impacting GitHub Actions workflows and other developer tools across the ecosystem.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
