New Checkmarx supply-chain breach affects KICS analysis tool

NEW CHECKMARX SUPPLY-CHAIN BREACH AFFECTS KICS ANALYSIS TOOL

1. Overview

• A security incident involving Checkmarx KICS, a free open-source scanner for infrastructure-as-code security, has been disclosed.
• Attackers compromised Docker images, as well as the VSCode and Open VSX extensions used with the KICS analysis tool, to harvest data from developer environments.
• The breach targeted data processed by KICS, including tokens, credentials, and various configuration secrets embedded in source code, dependencies, and environment settings.

1. What is KICS

• KICS stands for Keeping Infrastructure as Code Secure and is designed to help developers identify security vulnerabilities across code, dependencies, and configuration files.
• The tool is commonly run locally via command line or through Docker, enabling analysis of sensitive infrastructure details that may contain credentials and internal architectural information.

1. Incident Details

• The compromise extended beyond the trojanized KICS Docker image and affected accompanying VS Code and Open VSX extensions.
• A hidden feature named “MCP addon” was downloaded by these extensions from a hardcoded GitHub URL and implemented as mcpAddon.js.
• The MCP addon is described by researchers as a multi-stage credential theft and propagation component, designed to exfiltrate sensitive data processed by KICS.

1. Attack Vector and Artifacts

• The malware targets data processed by KICS, including GitHub tokens, cloud provider credentials (AWS, Azure, Google Cloud), npm tokens, SSH keys, Claude configurations, and other environment variables.
• Exfiltration was directed to audit.checkmarx.cx, a domain that mimics legitimate Checkmarx infrastructure.
• Public GitHub repositories were automatically created as part of the exfiltration infrastructure.

1. Timeline

• The dangerous window for the compromised DockerHub KICS image was 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC.
• During this period, Docker tags were temporarily repointed to a malicious digest, impacting users who pulled the image within that window.
• The affected tags have since been restored to legitimate digests, and a fraudulent v2.1.21 tag was removed entirely.

1. Scope and Affected Components

• Affected components included:
• DockerHub KICS image tags
• Checkmarx ast-github-action
• Checkmarx VS Code extensions
• Checkmarx Developer Assist extension
• The incident illustrates how a supply-chain compromise can cascade across multiple tooling vectors used in development workflows.

1. Current Status and Resolution

• Checkmarx published a security bulletin describing the incident, stating that all malicious artifacts were removed and that exposed credentials were revoked and rotated.
• The company is conducting an investigation with the assistance of external experts and has indicated that additional information would be shared as it becomes available.
• The latest safe versions identified for the impacted projects are:
• DockerHub KICS: v2.1.20
• Checkmarx ast-github-action: v2.3.36
• Checkmarx VS Code extensions: v2.64.0
• Checkmarx Developer Assist extension: v1.18.0

1. Attribution and Investigative Notes

• Researchers note that TeamPCP hackers, previously linked to other supply-chain incidents (such as Trivy and LiteLLM compromises), claimed responsibility for the attack publicly.
• Despite these claims, investigators could not establish strong, conclusive evidence tying the incident to TeamPCP beyond pattern-based correlations.
• The attribution remains uncertain until more definitive technical evidence is available.

1. Official Communications and References

• Checkmarx issued a security update and a bulletin detailing the incident, the removal of malicious artifacts, and the rotation of credentials.
• Ongoing investigations involve collaboration with independent security experts to assess scope, impact, and remediation timing.
• Related articles and discussions in the security press have tracked similar supply-chain events affecting development tools and ecosystems.

1. Related Topics and Context

• The breach underscores how dependency scanners and code-analysis tools can be co-opted to harvest secrets when their extension ecosystems are compromised.
• Past events in the same ecosystem have demonstrated that multiple components in a single supply chain (containers, editors, and extensions) can be affected in a coordinated fashion.
• Publicly reported indicators include unauthorized GitHub repositories created to facilitate data exfiltration, and the use of a domain impersonating legitimate infrastructure to receive stolen data.

1. Quick Reference: Affected Versions and Status

• DockerHub KICS: v2.1.20 (latest safe version as of the bulletin)
• Checkmarx ast-github-action: v2.3.36
• Checkmarx VS Code extensions: v2.64.0
• Checkmarx Developer Assist extension: v1.18.0
• Malicious tag observed: v2.1.21 (removed)
• Timeframe of malicious activity: 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC

1. Visuals and Additional Context

• A visual reference accompanying the reporting highlighted the broader concern around automated supply-chain compromises and the potential for data exfiltration through compromised tooling.
• Public communications and related write-ups emphasize the importance of prompt credential rotation and artifact removal in response to such events, even though procedural steps are not replicated here.

1. Related Articles (for broader context)

• GlassWorm malware hits 400+ code repositories on GitHub, npm, VSCode, OpenVSX
• New npm supply-chain attack self-spreads to steal auth tokens
• Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
• Trivy supply-chain attack spreads to Docker, GitHub repositories
• CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads

1. Final Note

• The incident illustrates the evolving nature of supply-chain threats in software development, where attackers target multiple layers of the development stack—from container images to editor extensions—to access sensitive data and establish persistence. The ongoing investigation will determine whether further implications emerge as more details are disclosed.