New Checkmarx supply-chain breach affects KICS analysis tool
Source: Bleeping Computer

Overview
Attackers compromised Docker images and the VS Code and Open VSX extensions for the Checkmarx KICS analysis tool, using them to harvest sensitive data from developer environments.
KICS (Keeping Infrastructure as Code Secure) is a free, open‑source scanner that finds misconfigurations and security issues in infrastructure‑as‑code files such as Terraform, CloudFormation, Kubernetes manifests and Dockerfiles. The tool is typically run locally via CLI or Docker and processes sensitive infrastructure configurations that often contain credentials, tokens, and internal architecture details.
Investigation
Dependency‑security company Socket investigated the incident after receiving an alert from Docker about malicious images pushed to the official checkmarx/kics Docker Hub repository.
The compromise extended beyond the trojanized KICS Docker image to the VS Code and Open VSX extensions, which carried a hidden “MCP addon” feature that fetched the secret‑stealing malware. The addon, mcpAddon.js, was retrieved from a hard‑coded GitHub URL and acts as a multi‑stage credential‑theft and propagation component.
Targeted Data
The malware harvests secrets from the developer environment running KICS, including:
- GitHub tokens
- Cloud credentials (AWS, Azure, Google Cloud)
- npm tokens
- SSH keys
- Claude configs
- Environment variables
The stolen data is encrypted and exfiltrated to audit.checkmarx.cx, a domain impersonating legitimate Checkmarx infrastructure. The malware also automatically creates public GitHub repositories as an additional exfiltration channel.
[Image: Automatically created GitHub repositories. Source: Socket]
Impact
Docker Hub tags were temporarily repointed to a malicious image digest. The window during which the Docker Hub KICS image was malicious was:
- 2026‑04‑22 14:17:59 UTC to 2026‑04‑22 15:41:31 UTC
Affected tags have since been restored to their legitimate image digests, and the fake v2.1.21 tag was deleted entirely.
Developers who downloaded the compromised artifacts should assume their secrets are compromised, rotate them immediately, and rebuild their environments from a known safe point.
Attribution
The attack was publicly claimed by the TeamPCP hackers, who previously carried out supply‑chain compromises of the Trivy and LiteLLM projects. However, researchers could not find sufficient evidence beyond pattern‑based correlations to confidently attribute this incident to them.
Response from Checkmarx
BleepingComputer reached out to Checkmarx for a statement; a comment was not immediately available. Checkmarx has published a security bulletin about the incident, assuring users that all malicious artifacts have been removed and that exposed credentials have been revoked and rotated. The company is investigating with external experts and will provide further information as it becomes available.
Mitigation Recommendations
- Block access to checkmarx.cx (91.195.240.123) and audit.checkmarx.cx (94.154.172.43).
- Use pinned SHA digests for Docker images and extensions.
- Revert to known safe versions (see below).
- Rotate all secrets and credentials if compromise is suspected or confirmed.
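The compromise window and the indicators above translate directly into two checks a responder can run over their own logs. The following Python script is an added example and is not code from Bleeping Computer, Socket or Checkmarx: it flags KICS image pulls that happened inside the published window or resolved to a digest outside an allowlist, and flags egress to the published domains and IPs. The CI pull‑log format, the egress‑log format and the allowlisted digest are constructed for the example; the trustworthy digest for v2.1.20 is not on this page and must come from a pull you have verified yourself.

```python
"""Triage helpers for the KICS supply-chain incident described above.

Added example; not Checkmarx's, Socket's or Bleeping Computer's code.
  1. triage_pulls(): flags KICS image pulls that happened inside the published
     compromise window or that resolved to a digest not on your allowlist.
  2. triage_egress(): flags connections to the published indicators.
The log line formats and the allowlisted digest are constructed for the example.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Compromise window for the Docker Hub checkmarx/kics image (UTC), from the article.
WINDOW_START = datetime(2026, 4, 22, 14, 17, 59, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 22, 15, 41, 31, tzinfo=timezone.utc)

# Indicators from the article's mitigation list.
IOC_DOMAINS = {"checkmarx.cx", "audit.checkmarx.cx"}
IOC_IPS = {"91.195.240.123", "94.154.172.43"}

# Allowlist of digests you have verified yourself. The value is a constructed
# placeholder, NOT the real digest of checkmarx/kics:v2.1.20.
KNOWN_GOOD_DIGESTS = {
    "checkmarx/kics": {"sha256:" + "a1" * 32},
}

# Constructed CI log format:
#   <ISO 8601 UTC timestamp> pull <repo>:<tag> digest=<sha256:hex>
PULL_RE = re.compile(
    r"^(?P<ts>\S+) pull (?P<repo>[\w./-]+):(?P<tag>[\w.-]+)"
    r" digest=(?P<digest>sha256:[0-9a-f]{64})$"
)
# Constructed egress log format:
#   <ISO 8601 UTC timestamp> <src ip> -> <dst host or ip>:<port>
EGRESS_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+)$")


@dataclass
class Finding:
    line: str
    reason: str


def _parse_ts(value):
    # Accept a trailing 'Z'; fromisoformat() understands '+00:00'.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def triage_pulls(log_lines, allowlist=KNOWN_GOOD_DIGESTS):
    """Return findings for pulls of tracked repos that look suspicious."""
    findings = []
    for line in log_lines:
        m = PULL_RE.match(line.strip())
        if not m or m["repo"] not in allowlist:
            continue  # unparsable line, or an image we are not tracking
        ts = _parse_ts(m["ts"])
        if WINDOW_START <= ts <= WINDOW_END:
            findings.append(Finding(line, "pulled inside the compromise window"))
        if m["digest"] not in allowlist[m["repo"]]:
            findings.append(Finding(line, f"digest not on allowlist for {m['repo']}:{m['tag']}"))
    return findings


def _is_ioc(dst):
    # Exact match on IP or domain, or a subdomain of a listed domain. This does
    # not match checkmarx.com, the vendor's legitimate domain.
    if dst in IOC_IPS or dst in IOC_DOMAINS:
        return True
    return any(dst.endswith("." + d) for d in IOC_DOMAINS)


def triage_egress(log_lines):
    """Return findings for connections to the published indicators."""
    findings = []
    for line in log_lines:
        m = EGRESS_RE.match(line.strip())
        if m and _is_ioc(m["dst"]):
            findings.append(Finding(line, f"egress to indicator {m['dst']}"))
    return findings


# Constructed sample logs for a stand-alone run.
SAMPLE_PULL_LOG = [
    "2026-04-22T13:05:00Z pull checkmarx/kics:v2.1.20 digest=sha256:" + "a1" * 32,
    "2026-04-22T15:02:11Z pull checkmarx/kics:latest digest=sha256:" + "b2" * 32,
    "2026-04-22T16:10:45Z pull library/alpine:3.19 digest=sha256:" + "c3" * 32,
]
SAMPLE_EGRESS_LOG = [
    "2026-04-22T15:03:30Z 10.0.0.12 -> audit.checkmarx.cx:443",
    "2026-04-22T15:03:31Z 10.0.0.12 -> 94.154.172.43:443",
    "2026-04-22T15:04:02Z 10.0.0.12 -> api.github.com:443",
    "2026-04-22T15:05:00Z 10.0.0.13 -> checkmarx.com:443",
]

if __name__ == "__main__":
    for f in triage_pulls(SAMPLE_PULL_LOG) + triage_egress(SAMPLE_EGRESS_LOG):
        print(f"{f.reason}: {f.line}")
```

On the constructed sample the `kics:latest` pull is flagged twice (inside the window and off the allowlist), and the two egress lines to the indicators are flagged while the `checkmarx.com` line is not. The digest check is the same property a digest pin enforces at pull time: referencing the image as `checkmarx/kics@sha256:<digest>` instead of by a mutable tag means a repointed tag cannot hand you a different image.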
Safe Versions
- Docker Hub KICS v2.1.20
- Checkmarx ast-github-action v2.3.36
- Checkmarx VS Code extensions v2.64.0
- Checkmarx Developer Assist extension v1.18.0
