Checkmarx hit again, popular tools spreading credential-stealing malware

Published: 23 April 2026
Last updated: 27 April 2026
checkmarx hack
Image by Cybernews.
Listen to this article

Checkmarx, a security company offering tools for developers, has been compromised for a second time in a month. The hackers injected credential-stealing malware into popular free software, including KICS images on Docker Hub and VS Code extensions.

Docker and security teams are alerting users to suspicious activity affecting Checkmarx after the discovery of malware in the company’s security tools.

“Malicious artifacts found in the official Checkmarx KICS Docker Hub repository and VS Code extension,” warns Feross Aboukhadijeh, founder and CEO at Socket.

ADVERTISEMENT

“This looks like a broader supply chain compromise affecting multiple Checkmarx distribution channels.”

KICS (Keeping Infrastructure as Code Secure) is a free security tool for finding vulnerabilities, compliance issues, or misconfigurations. Its Docker container is downloaded over 5 million times.

The attackers swapped the existing versions of KICS, keeping the same tags: including v2.1.20, v2.1.20-debian, alpine, debian, and latest. This means that developers who expected to run an already-trusted version of KICS got a malicious version instead. Attackers also released a new v2.1.21 version.

The affected VS Code extensions include Checkmarx Developer Assist and Checkmarx AST-Results.

Any developers and organizations that pulled compromised tools should treat the incident as a credential exposure and a CI/CD compromise event, Socket warns in a security advisory.

“Organizations that used the affected image to scan Terraform, CloudFormation, or Kubernetes configurations should consider any secrets or credentials exposed to those scans potentially at risk,” the security firm said.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us
ADVERTISEMENT

Malware automatically propagates down the supply chain

The compromised KICKs containers were modified “to include data collection and exfiltration capabilities.” The malware reportedly generates an uncensored scan report, encrypts it, and sends it to an attacker-controlled server.

Developers use KICS to scan infrastructure-as-code files laden with credentials and other sensitive configuration data, which can be further exploited and snowball to even broader supply chain compromise.

Meanwhile, compromised VS Code extensions include a component “mcpAddon.js,” which is a multi-stage credential theft and propagation malware. It relies on a hardcoded GitHub link to fetch and run additional JavaScript without user confirmation or integrity verification.

“The malware harvests developer and cloud credentials, compresses and encrypts the results, and exfiltrates them both to an external endpoint and to threat actor-created public GitHub repositories under victim accounts,” the Socket researchers said in a report.

Has my data been leaked?
Check Now

Stolen GitHub tokens are abused to inject new GitHub Actions workflows to capture more secrets. Malware then uses stolen credentials to spread – push malicious code into the victim’s npm or GitHub repositories and packages.

The malware captures GitHub Auth tokens, AWS credentials, Microsoft Azure authentication tokens, Google Cloud credential databases, NPM configuration files, SSH keys and configuration files, Environment variables, Claude, and other MCP configuration files. Any of these exposed credentials must be rotated.

Security researchers also recommend that developers audit GitHub for unauthorized repositories, unexpected workflow files, and suspicious activity, check npm for unauthorized package changes, and review cloud access logs for unusual credential use or change.

Ongoing supply chain nightmare

ADVERTISEMENT

TeamPCP, a new and financially motivated threat group that first appeared in late 2025, is suspected to be behind the supply chain attack.

This would make it part of a larger campaign that has been compromising major packages. Checkmarx itself disclosed on March 23rd, 2025, that it was compromised to distribute malware via the OpenVSX marketplace and two GitHub Actions workflows.

This wave of attacks previously targeted the Trivy security scanner and then pivoted to LiteLLM, a massively popular Python library used by millions of AI developers.

The X account, associated with TeamPCP, appears to be taking credit for the most recent Checkmarx compromise.

“Thank you, OSS distribution, for another very successful day at PCP inc.,” the hackers posted.

The TeamPCPs’ supply chain campaign has already been running for months and spans multiple ecosystems, including GitHub, npm, OpenVSX, PyPI, and Docker Hub.

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT