New Checkmarx supply-chain breach affects KICS analysis tool
Checkmarx KICS tool compromised via Docker, VSCode, and Open VSX to steal developer credentials.
Summary
Attackers compromised Docker images and VSCode/Open VSX extensions for Checkmarx KICS, an infrastructure-as-code security scanner, injecting malware designed to harvest sensitive data from developer environments including GitHub tokens, cloud credentials, SSH keys, and environment variables. The malicious Docker images were live between April 22–23, 2026 for approximately 84 minutes; affected artifacts have since been removed and credentials revoked. The threat actor group TeamPCP claimed responsibility, though researchers found only pattern-based correlations to link it definitively.
Full text
New Checkmarx supply-chain breach affects KICS analysis tool By Bill Toulas April 23, 2026 12:05 PM 0 Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. KICS, short for Keeping Infrastructure as Code Secure, is a free, open-source scanner that helps developers identify security vulnerabilities in source code, dependencies, and configuration files. The tool is typically run locally via CLI or Docker, and processes sensitive infrastructure configs that often contain credentials, tokens, and internal architecture details. Dependency security company Socket investigated the incident after receiving an alert from Docker about malicious images pushed to the official checkmarx/kics Docker Hub repository. The investigation revealed that the compromise extended beyond the trojanized KICS Docker image to VS Code and Open VSX extensions that downloaded a hidden 'MCP addon' feature designed to fetch the secret-stealing malware. Socket found that the 'MCP addon' feature downloaded from a hardcoded GitHub URL "a multi-stage credential theft and propagation component" as mcpAddon.js. According to the researchers, the malware targets precisely the data processed by KICS, including GitHub tokens, cloud (AWS, Azure, Google Cloud) credentials, npm tokens, SSH keys, Claude configs, and environment variables. It then encrypts it and exfiltrates it to audit.checkmarx[.]cx, a domain designed to impersonate legitimate Checkmarx infrastructure. Moreover, public GitHub repositories are automatically created for data exfiltration. Automatically created GitHub repositoriesSource: Socket It is important to clarify that Docker tags were temporarily repointed to a malicious digest, so the impact depends on when they were pulled. The dangerous timeframe for the DockerHub KICS image was from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC. Affected tags have now been restored to their legitimate image digests, and the fake v2.1.21 tag was deleted entirely. Developers who have downloaded the above should consider their secrets compromised, rotate them as soon as possible, and rebuild their environments from a known safe point. While the TeamPCP hackers, responsible for the massive Trivy and LiteLLM supply-chain compromise, claimed the attack publicly, the researchers could not find sufficient evidence beyond pattern-based correlations to confidently attribute it. BleepingComputer has reached out to Checkmarx, an application security testing company, for a statement, but a comment wasn’t immediately available. Meanwhile, the company published a security bulletin about the incident, assuring users that all malicious artifacts have been removed, and their exposed credentials were revoked and rotated. The firm is currently investigating with help from external experts and has promised to provide more information as it becomes available. Users of the compromised tool are recommended to block access to 'checkmarx.cx => 91[.]195[.]240[.]123' and 'audit.checkmarx.cx => 94[.]154[.]172[.]43,' use pinned SHAs, revert to known safe versions, and rotate secrets and credentials if compromise is suspected or confirmed. The latest safe versions of the compromised projects are: DockerHub KICS v2.1.20, Checkmarx ast-github-action v2.3.36, Checkmarx VS Code extensions v2.64.0, and Checkmarx Developer Assist extension v1.18.0. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSXNew npm supply-chain attack self-spreads to steal auth tokensBackdoored Telnyx PyPI package pushes malware hidden in WAV audioTrivy supply-chain attack spreads to Docker, GitHub reposBitwarden CLI npm package compromised to steal developer credentials
Indicators of Compromise
- domain — audit.checkmarx.cx
- domain — checkmarx.cx
- ip — 91.195.240.123
- ip — 94.154.172.43
- malware — mcpAddon.js