Checkmarx KICS Docker Hub and VS Code Extensions Poisoned in Fresh Supply Chain Attack
Introduction
Attackers have pushed malicious images to the official checkmarx/kics Docker Hub repository, overwriting legitimate tags and adding a rogue v2.1.21 tag that never corresponded to an official release. On the same day, poisoned versions 1.17.0 and 1.19.0 of Checkmarx VS Code extensions surfaced. The campaign targets KICS, Checkmarx's widely used infrastructure-as-code scanner — turning a defensive tool into an infostealer that exfiltrates developer and CI/CD secrets.
What Happened
Socket's threat research team raised the alarm on April 22 after detecting that tags v2.1.20, alpine, and a brand new v2.1.21 on the checkmarx/kics Docker Hub image had been replaced or created by unknown actors. KICS sits inside the CI/CD pipelines of thousands of organizations — it scans Terraform, CloudFormation, Kubernetes manifests, Dockerfiles, and Helm charts for security misconfigurations. Any pipeline pulling checkmarx/kics:latest or the recently-overwritten tagged versions during the exposure window would have executed the malicious image with full access to whatever the CI job was scanning.
In parallel, two Checkmarx VS Code extension versions — 1.17.0 and 1.19.0 — were published as malicious variants. When installed, they perform broad credential harvesting from the developer workstation: cloud provider credentials (AWS, Azure, GCP), Kubernetes service account tokens and kubeconfigs, SSH keys, Docker registry credentials, and environment variables. Anything that would let an attacker pivot from the developer into the cloud infrastructure being scanned is fair game.
The new wave follows the TeamPCP pattern that hit Checkmarx's GitHub Actions and Open VSX extensions in March 2026 and Aqua Security's Trivy Action days earlier. The same actor appears to be moving down the list of popular DevSecOps tooling, poisoning distribution channels one after another.
Why It Matters
KICS images and extensions are typically trusted at the highest level of any CI/CD pipeline. They are given read access to the entire codebase being scanned, the ability to run during every build, and in many setups they run inside privileged containers with access to secrets needed to evaluate cloud configuration. Compromising KICS gives attackers exactly the initial access profile they want: stealth, broad reach, and a straight path to cloud credentials. The pattern is also disturbing because it targets security scanners — the tools you install specifically to prevent supply chain attacks are themselves becoming the delivery vehicle.
Who Is Affected
- Any CI/CD pipeline that pulled checkmarx/kics Docker images during the exposure window, especially unpinned tags like latest, alpine, or v2.1.20
- Developers who installed Checkmarx VS Code extension versions 1.17.0 or 1.19.0
- Organizations still exposed from the March 2026 Checkmarx compromise who have not yet rotated credentials
- Kubernetes, Terraform, and cloud-native shops that bake KICS into pre-deploy checks
How to Protect Yourself
Stop pulling unpinned KICS images right now. Update every pipeline to pin to a specific digest rather than a tag:
container:
  image: checkmarx/kics@sha256:<verified-digest>
Audit your Docker Hub pulls for the affected tags over the last 48 hours:
docker images --digests | grep checkmarx/kics
grep -r "checkmarx/kics" .github/workflows/ .gitlab-ci.yml Jenkinsfile
Remove the malicious VS Code extensions from every developer machine:
VS Code → Extensions → Search "Checkmarx"
Uninstall any versions 1.17.0 or 1.19.0
Reinstall only from the official Visual Studio Marketplace
From the command line:
code --list-extensions --show-versions | grep -i checkmarx
code --uninstall-extension checkmarx.<extension-id>
Rotate every CI/CD secret that was available to jobs running KICS during the exposure window. At minimum:
- AWS access keys: aws iam create-access-key + aws iam delete-access-key
- Azure service principals: az ad sp credential reset
- GCP service account keys: gcloud iam service-accounts keys create/delete
- Kubernetes service account tokens: regenerate and re-issue kubeconfigs
- GitHub PATs, Docker registry creds, SSH keys tied to CI
Hunt for exfiltration artifacts. The TeamPCP family typically drops a setup.sh or similar loader and writes state to /tmp/pglog and /tmp/.pg_state. Scan CI runners:
find /tmp -maxdepth 2 -name "pglog" -o -name ".pg_state" 2>/dev/null
Review egress logs for unusual POSTs from CI runners to unfamiliar domains — checkmarx.zone was the exfiltration domain in the March wave; the new campaign may use different infrastructure.
Add a longer-term control: pin all third-party GitHub Actions, Docker images, and VS Code extensions by digest or commit SHA rather than tag, and require signature verification for extensions wherever possible.
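The pinning and audit steps above can be combined into one check that reports which checkmarx/kics references in pipeline files are digest-pinned and which still use a tag named in this article. This is an added example, not code from Checkmarx or Socket; the function names and status labels are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: classify checkmarx/kics image references found in CI files.
# The affected tags are the ones this article names; nothing else is assumed.
LC_ALL=C; export LC_ALL            # keep [0-9a-f] ranges ASCII-only
AFFECTED_TAGS="latest alpine v2.1.20 v2.1.21"

# classify_ref REF -> PINNED | BAD_DIGEST | AFFECTED | UNPINNED | OTHER
classify_ref() {
    ref=${1#docker.io/}
    case $ref in
        checkmarx/kics@sha256:*|checkmarx/kics:*@sha256:*)
            digest=${ref##*@sha256:}
            # A sha256 digest is exactly 64 lowercase hex characters.
            case $digest in
                ""|*[!0-9a-f]*) echo BAD_DIGEST; return ;;
            esac
            if [ "${#digest}" -eq 64 ]; then echo PINNED; else echo BAD_DIGEST; fi
            return ;;
        checkmarx/kics)   tag=latest ;;  # no tag: Docker resolves "latest"
        checkmarx/kics:*) tag=${ref#checkmarx/kics:} ;;
        *) echo OTHER; return ;;         # a different checkmarx/kics-* artifact
    esac
    for t in $AFFECTED_TAGS; do
        if [ "$tag" = "$t" ]; then echo AFFECTED; return; fi
    done
    echo UNPINNED
}

# scan_refs PATH... -> one "STATUS file:line ref" row per reference found
scan_refs() {
    grep -rHnoE '(docker\.io/)?checkmarx/kics[A-Za-z0-9._:@-]*' "$@" 2>/dev/null |
    while IFS= read -r row; do
        file=${row%%:*}; rest=${row#*:}
        line=${rest%%:*}; ref=${rest#*:}
        echo "$(classify_ref "$ref") $file:$line $ref"
    done
}

# needs_action PATH... -> exit status 0 if any reference must be fixed
needs_action() {
    scan_refs "$@" | grep -Eq '^(AFFECTED|UNPINNED|BAD_DIGEST) '
}
```

Calling scan_refs on .github/workflows/ .gitlab-ci.yml Jenkinsfile lists every reference with its status. A leftover <verified-digest> placeholder is reported as BAD_DIGEST rather than passing as pinned.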