
Hackers have compromised Docker images, VS Code and Open VSX extensions for the Checkmarx KICS security tool to harvest sensitive data from developer environments.
KICS, short for Keeping Infrastructure as Code Secure, is a free, open-source scanner that helps developers find security vulnerabilities in source code, dependencies, and configuration files.
The tool is typically run locally via the CLI or Docker, and it processes sensitive infrastructure configs that often contain credentials, tokens, and internal architecture details.
Software supply-chain security company Socket investigated the incident after receiving an alert from Docker about malicious images pushed to the official checkmarx/kics Docker Hub repository.
The investigation revealed that the compromise extended beyond the trojanized KICS Docker image to VS Code and Open VSX extensions that downloaded a hidden 'MCP addon' feature designed to fetch the secret-stealing malware.
Socket found that the 'MCP addon' feature downloaded, from a hardcoded GitHub URL, "a multi-stage credential theft and propagation component" saved as mcpAddon.js.
According to the researchers, the malware targets exactly the data that KICS processes, including GitHub tokens, cloud (AWS, Azure, Google Cloud) credentials, npm tokens, SSH keys, Claude configs, and environment variables.
It then encrypts the data and exfiltrates it to audit.checkmarx[.]cx, a domain designed to impersonate legitimate Checkmarx infrastructure. Public GitHub repositories are also created automatically for data exfiltration.
Source: Socket
It is important to clarify that the Docker tags were only temporarily repointed to a malicious digest, so the impact depends on when an image was pulled. The malicious window for the Docker Hub KICS image was from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC.
Affected tags have since been restored to their legitimate image digests, and the fake v2.1.21 tag was deleted entirely.
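Because the tags were repointed rather than the image being replaced permanently, the two questions a team has to answer are "did we pull inside the window?" and "does the image we still have carry a digest we trust?". The script below is an added example written for this article, not code from Socket or Checkmarx. It assumes the pull time comes from your own records (Docker keeps no pull timestamp locally, so use CI job logs or registry mirror logs), and the allowlisted digest is a placeholder you must replace with the digest you recorded for the legitimate image or read from the restored tag. The `docker image inspect` output is constructed and trimmed to the fields the check uses.

```python
import json
from datetime import datetime, timezone

# Malicious window for the Docker Hub checkmarx/kics tags, as reported above (UTC).
WINDOW_START = datetime(2026, 4, 22, 14, 17, 59, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 22, 15, 41, 31, tzinfo=timezone.utc)

# HYPOTHETICAL allowlist: digests you recorded for the legitimate image before the
# incident, or read from the restored tags now. The value below is a placeholder,
# not a real checkmarx/kics digest.
KNOWN_GOOD_DIGESTS = {"sha256:" + "a" * 64}

# Tag that only ever existed during the compromise, per the report above.
FAKE_TAGS = {"v2.1.21"}


def pulled_in_window(pulled_at: str) -> bool:
    """Return True if a pull timestamp falls inside the malicious window.

    `pulled_at` is ISO 8601 with a UTC offset or a trailing 'Z'. Naive timestamps
    are rejected rather than silently treated as local time, because a wrong
    timezone assumption here would hide a pull that happened inside the window.
    """
    ts = datetime.fromisoformat(pulled_at.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("pull timestamp must carry a UTC offset")
    return WINDOW_START <= ts.astimezone(timezone.utc) <= WINDOW_END


def check_inspect_output(inspect_json: str) -> list:
    """Classify images from `docker image inspect` JSON by tag and repo digest.

    Statuses: 'ok' (every repo digest is allowlisted), 'unknown_digest'
    (a digest is missing or not allowlisted; verify before trusting), and
    'fake_tag' (the tag that was deleted after the incident is still present).
    """
    findings = []
    for img in json.loads(inspect_json):
        tags = img.get("RepoTags") or []
        digests = [ref.split("@", 1)[1] for ref in (img.get("RepoDigests") or []) if "@" in ref]
        if digests and all(d in KNOWN_GOOD_DIGESTS for d in digests):
            status = "ok"
        else:
            status = "unknown_digest"
        # A tag is the text after the last ':' of the reference.
        if any(t.rsplit(":", 1)[-1] in FAKE_TAGS for t in tags):
            status = "fake_tag"
        findings.append({"tags": tags, "digests": digests, "status": status})
    return findings


# Constructed sample, trimmed to the fields used above; real inspect output has many more.
SAMPLE_INSPECT = json.dumps([
    {"RepoTags": ["checkmarx/kics:v2.1.20"],
     "RepoDigests": ["checkmarx/kics@sha256:" + "a" * 64]},
    {"RepoTags": ["checkmarx/kics:v2.1.21"],
     "RepoDigests": ["checkmarx/kics@sha256:" + "b" * 64]},
    {"RepoTags": ["checkmarx/kics:latest"],
     "RepoDigests": ["checkmarx/kics@sha256:" + "c" * 64]},
])

if __name__ == "__main__":
    for finding in check_inspect_output(SAMPLE_INSPECT):
        print(finding["status"], finding["tags"], finding["digests"])
    print("pulled in window:", pulled_in_window("2026-04-22T15:00:00Z"))
```

Feed the real output of `docker image inspect checkmarx/kics` (one JSON array) into `check_inspect_output`; anything that is not `ok` should be removed and re-pulled by digest, not by tag. A tag-only reference can be repointed again at any time, which is exactly what happened here, so the allowlist is the control, not the tag name.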
Developers who downloaded any of the above should consider their secrets compromised, rotate them as soon as possible, and rebuild their environments from a known safe state.
While the TeamPCP hackers, responsible for the massive Trivy and LiteLLM supply-chain compromise, publicly claimed the attack, the researchers could not find enough evidence beyond pattern-based correlations to confidently attribute it.
BleepingComputer has reached out to Checkmarx, an application security testing company, for a comment, but a statement wasn't immediately available.
Meanwhile, the company published a security bulletin about the incident, assuring users that all malicious artifacts have been removed and that the exposed credentials were revoked and rotated.
The firm is currently investigating with help from external experts and has promised to provide more information as it becomes available.
Users of the compromised tool are advised to block access to 'checkmarx.cx => 91[.]195[.]240[.]123' and 'audit.checkmarx.cx => 94[.]154[.]172[.]43', use pinned SHAs, revert to known safe versions, and rotate secrets and credentials if compromise is suspected or confirmed.
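Blocking the two hosts is the containment step; the detection step is checking whether anything on your network already talked to them, and whether the `mcpAddon.js` file the extensions fetched is sitting in an extension directory. The script below is an added example written for this article, not code from Socket or Checkmarx. It only knows the indicators published above (the two domains, the two IPs and the file name), so a clean result means "no known indicator seen", not "not compromised". The DNS/proxy log lines and file paths are constructed for the example; point `scan_log_lines` at your real resolver or proxy logs and `scan_paths` at a listing of your `.vscode/extensions` and Open VSX extension directories.

```python
import re

# Indicators from the Checkmarx bulletin as quoted above, with the defanging
# brackets removed so they can be matched against real log lines.
IOC_DOMAINS = {"checkmarx.cx", "audit.checkmarx.cx"}
IOC_IPS = {"91.195.240.123", "94.154.172.43"}
IOC_FILENAME = "mcpAddon.js"

# Hostname and dotted-quad tokens inside a free-form log line.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def is_ioc_domain(name: str) -> bool:
    """Exact match or any subdomain of an indicator domain (not checkmarx.com)."""
    name = name.lower().rstrip(".")
    return name in IOC_DOMAINS or any(name.endswith("." + d) for d in IOC_DOMAINS)


def scan_log_lines(lines) -> list:
    """Return (line_number, kind, value) for every indicator hit in the lines."""
    hits = []
    for number, line in enumerate(lines, 1):
        for dom in DOMAIN_RE.findall(line):
            if is_ioc_domain(dom):
                hits.append((number, "domain", dom.lower()))
        for ip in IP_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((number, "ip", ip))
    return hits


def scan_paths(paths) -> list:
    """Return every path whose file name is the downloaded addon's file name."""
    return [p for p in paths if p.replace("\\", "/").rsplit("/", 1)[-1] == IOC_FILENAME]


# Constructed sample log lines (not real traffic): one resolver hit, one proxy hit,
# one legitimate Checkmarx domain that must NOT match, and a Docker Hub pull.
SAMPLE_LOGS = [
    "2026-04-22T15:02:11Z dns query A audit.checkmarx.cx from 10.0.0.15",
    "2026-04-22T15:02:12Z proxy CONNECT 94.154.172.43:443 user=dev-laptop-07",
    "2026-04-22T15:03:00Z dns query A api.checkmarx.com from 10.0.0.15",
    "2026-04-22T15:04:41Z proxy GET https://registry-1.docker.io/v2/checkmarx/kics/manifests/v2.1.21",
]

# Constructed sample paths; the extension identifiers are placeholders, not real ones.
SAMPLE_PATHS = [
    "/home/dev/.vscode/extensions/example-publisher.example-ext-1.0.0/out/mcpAddon.js",
    "/home/dev/.vscode/extensions/example-publisher.example-ext-1.0.0/out/extension.js",
    "C:\\Users\\dev\\.vscode\\extensions\\other-publisher.other-ext-2.0.0\\mcpAddon.js",
]

if __name__ == "__main__":
    for hit in scan_log_lines(SAMPLE_LOGS):
        print("log hit:", hit)
    for path in scan_paths(SAMPLE_PATHS):
        print("file hit:", path)
```

The subdomain check in `is_ioc_domain` matters because the bulletin names both the apex and one subdomain; matching on the apex with a dot boundary catches other hosts under `checkmarx.cx` without flagging the company's real `checkmarx.com` domains. Any hit is a reason to treat the host as compromised and follow the rotation and rebuild advice above.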
The latest safe versions of the compromised projects are: Docker Hub KICS v2.1.20, Checkmarx ast-github-action v2.3.36, Checkmarx VS Code extensions v2.64.0, and Checkmarx Developer Assist extension v1.18.0.



