Supply chain

Checkmarx Docker Hub repository compromised with malicious images

The official Checkmarx KICS Docker Hub repository has been compromised with malicious images, posing a significant threat to software supply chain security. Threat actors overwrote existing tags and introduced a new one containing a modified KICS binary with data collection capabilities, according to a recent report by The Hacker News.

The compromised images, including tags like v2.1.20 and alpine, were found to contain a modified KICS binary designed to exfiltrate sensitive data from scan reports to an external endpoint, according to an alert from Socket. This poses a severe risk to organizations using KICS to scan infrastructure-as-code files, which may contain credentials and other confidential information. Additionally, malicious code was discovered in recent Microsoft Visual Studio Code extension releases associated with Checkmarx tooling, enabling the download and execution of remote addons without user confirmation. Versions 1.17.0 and 1.19.0 of these extensions are confirmed to be affected.

This incident highlights a broader trend of supply chain attacks targeting widely used development tools and repositories. Organizations that utilized the affected KICS image or extensions should assume any secrets or credentials exposed during scans are compromised and take immediate steps to rotate them.
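The root of the incident above is that Docker tags such as `v2.1.20` or `alpine` are mutable pointers: whoever can push to the repository can make an existing tag resolve to a new image. A CI pipeline that pins an image only by tag therefore cannot tell that the binary it runs today differs from the one it ran yesterday. The following added example (not code from SC Media, Checkmarx or the KICS project) shows a small pre-run policy check: it parses an image reference, requires it to be pinned by digest, and compares what `docker image inspect` reports as locally cached against an allowlist of reviewed digests. The image name `checkmarx/kics` is assumed to be the Docker Hub repository in question, and every digest and the inspect output are constructed placeholders.

```python
import json

# Constructed placeholder digests; not real KICS image digests.
GOOD_DIGEST = "sha256:" + "a" * 64
DRIFTED_DIGEST = "sha256:" + "b" * 64

# Allowlist of digests that were reviewed and approved for use in CI,
# keyed by image name (checkmarx/kics is assumed to be the repository name).
ALLOWLIST = {"checkmarx/kics": {GOOD_DIGEST}}

# Constructed `docker image inspect` output for the image cached locally after
# `docker pull checkmarx/kics:v2.1.20`: the tag now resolves to a digest that
# is not the approved one, which is exactly what a tag overwrite looks like.
INSPECT_OUTPUT = json.dumps([{
    "RepoTags": ["checkmarx/kics:v2.1.20"],
    "RepoDigests": ["checkmarx/kics@" + DRIFTED_DIGEST],
}])

# Constructed inspect output for the healthy case: the cache holds the approved image.
GOOD_INSPECT = json.dumps([{
    "RepoTags": [],
    "RepoDigests": ["checkmarx/kics@" + GOOD_DIGEST],
}])


def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest); missing parts are None."""
    name, _, digest = ref.partition("@")
    tag = None
    # A ':' after the last '/' separates a tag; a ':' before it is a registry port.
    if name.rfind(":") > name.rfind("/"):
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None


def check_image(ref, allowlist=ALLOWLIST, inspect_json=INSPECT_OUTPUT):
    """Return a list of policy findings for `ref`; an empty list means it may run."""
    findings = []
    name, tag, digest = parse_image_ref(ref)
    approved = allowlist.get(name, set())

    # Digests the local daemon has recorded for this image name.
    local_digests = {
        d.split("@", 1)[1]
        for entry in json.loads(inspect_json)
        for d in entry.get("RepoDigests", [])
        if d.startswith(name + "@")
    }

    if digest is None:
        findings.append(
            f"{ref}: referenced by mutable tag '{tag or 'latest'}', not pinned by digest")
    elif digest not in approved:
        findings.append(f"{ref}: pinned digest is not on the allowlist for {name}")

    # Whatever the reference looked like, what actually resolved on this host
    # must be an approved digest; otherwise the tag has been moved or the cache
    # holds something that was never reviewed.
    if not local_digests:
        findings.append(f"{ref}: no local image found for {name}")
    elif local_digests.isdisjoint(approved):
        findings.append(
            f"{ref}: locally cached digest is not on the allowlist (tag overwritten?)")
    return findings


if __name__ == "__main__":
    for ref in ("checkmarx/kics:v2.1.20", "checkmarx/kics@" + GOOD_DIGEST):
        for finding in check_image(ref) or [f"{ref}: OK"]:
            print(finding)
```

In a real pipeline the `inspect_json` argument would be the output of `docker image inspect <name>` captured just before the scan step, and a non-empty findings list would fail the job. The check deliberately reports two separate problems for a tag-only reference: the reference itself is unpinned, and the image it resolved to is unapproved. Fixing only the first (adding `@sha256:...`) still leaves the second check to catch a stale or tampered local cache.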

Source: The Hacker News
