Security researchers have uncovered a major supply chain attack targeting the official Checkmarx KICS repository on Docker Hub. Threat actors pushed trojanized container images capable of harvesting and exfiltrating sensitive developer credentials, cloud tokens, and infrastructure-as-code secrets. Docker’s internal monitoring flagged suspicious activity around KICS image tags on April 22, 2026 and alerted Socket researchers, who quickly confirmed the compromise.
What Was Tampered With
Investigators determined that the attackers had overwritten several existing tags in the checkmarx/kics repository — including v2.1.20, debian, alpine, and latest — and introduced a brand-new v2.1.21 tag that had no corresponding legitimate upstream release. All affected tags have since been reverted to their prior legitimate releases.
KICS, short for “Keeping Infrastructure as Code Secure,” is an open-source tool widely used by DevOps and security teams to scan Terraform, CloudFormation, Pulumi, and Kubernetes configurations for misconfigurations. Its broad adoption across CI/CD pipelines made it an especially high-value target.
A Trojanized Binary Designed to Steal Secrets
Analysis of the poisoned KICS images revealed that the bundled Golang ELF binary had been modified with unauthorized telemetry and data exfiltration capabilities entirely absent from the legitimate version. The malware was designed to produce uncensored IaC scan reports, encrypt the results, and silently transmit them to an attacker-controlled endpoint at https://audit.checkmarx[.]cx/v1/telemetry — a deliberately typo-squatted domain.
Any organization that ran the affected images to scan infrastructure-as-code repositories should treat all secrets, cloud credentials, and API keys that appeared in those scans as potentially compromised.
Checkmarx Extensions Were Weaponized Too
As Socket expanded its investigation, the scope broadened well beyond Docker Hub. Trojanized versions of Checkmarx’s VS Code and Open VSX extensions were also identified, specifically:
cx-dev-assistversions 1.17.0 and 1.19.0ast-resultsversions 2.63.0 and 2.66.0
Upon activation, these extensions silently downloaded a second-stage payload called mcpAddon.js from a hardcoded GitHub URL pointing to an orphaned, backdated commit in Checkmarx’s official repository and executed it using the Bun runtime without user consent or integrity verification.
Inside mcpAddon.js — A Full Credential Stealer
The mcpAddon.js payload is a heavily obfuscated, roughly 10 MB JavaScript bundle that functions as a full-featured credential stealer. It harvests:
- GitHub authentication tokens
- AWS access keys and session tokens
- Azure and Google Cloud credentials
- npm configuration files (
.npmrc) - SSH keys
- Environment variables, including CI/CD secrets
Collected data is compressed, encrypted, and exfiltrated to the same attacker-controlled endpoint as the poisoned container binary, indicating a coordinated, multi-component attack infrastructure.
Recommended Actions
Organizations that consumed the affected artifacts should assume compromise and take the following steps:
- Pin dependencies to known-good digests rather than mutable tags such as
latestoralpine. - Rotate all secrets, cloud credentials, and API keys that may have been read by KICS scans or handled in CI/CD pipelines where the compromised extensions were installed.
- Remove any installed
cx-dev-assist1.17.0/1.19.0 orast-results2.63.0/2.66.0 extensions and inspect endpoints for residual malicious artifacts. - Block outbound traffic to
audit.checkmarx[.]cxand hunt for historical connections to that domain in network logs.
Why Supply Chain Attacks Keep Winning
The Checkmarx incident is a textbook example of how defenders can be hit through the very tools they rely on to find misconfigurations. Tag overwrites on Docker Hub, unverified marketplace extensions, and silent in-process payload fetching combine to create an almost invisible attack chain. Enforcing digest pinning, signed artifacts, and strict extension vetting is no longer optional — it is foundational to any modern DevSecOps program.