Checkmarx KICS supply-chain breach targets dev secrets

Checkmarx KICS – Hackers trojanized the KICS Docker image and related VS Code/Open VSX extensions, aiming to steal tokens and cloud credentials. Rotation and safe versions are advised.
A supply-chain breach involving Checkmarx’s KICS security scanner has been tied to malicious Docker images and developer extensions designed to harvest sensitive data.
At the center of the incident is KICS (Keeping Infrastructure as Code Secure), a widely used, free open-source tool that scans infrastructure-as-code and configuration files for security misconfigurations. The problem is that KICS typically runs in environments loaded with high-value secrets: API tokens, cloud credentials, SSH keys, and other internal configuration details. A trojanized scanner inherits all of that access: it does not merely read the files it is asked to scan, it can read the credentials sitting beside them in the same workspace and environment and send them out.
Misryoum reports that Socket traced the attack after receiving an alert from Docker about malicious images pushed to the official checkmarx/kics repository. The trojanized image wasn’t a one-off. The compromise also extended to VS Code and Open VSX extensions, which pulled down a hidden capability dubbed an “MCP addon.” That add-on in turn fetched a JavaScript file from a hardcoded GitHub URL, described by the researchers as a multi-stage credential theft and propagation component.
What makes this breach especially concerning is the precision of the targeting. According to the researchers, the malware went after exactly the kinds of material a KICS scan is surrounded by: GitHub tokens, AWS, Azure and Google Cloud credentials, npm tokens, SSH keys, Claude configuration, and environment variables. After collecting that material, the malware encrypted it and exfiltrated it to a domain chosen to masquerade as legitimate Checkmarx infrastructure. In addition, automated GitHub repositories were reportedly created as part of the exfiltration workflow.
The timeline matters. Docker tags were temporarily repointed to a malicious digest, so the impact depended on when a developer pulled the image: a tag is a mutable pointer, and what actually ran is identified by the digest the tag resolved to at pull time. Misryoum understands the dangerous window for the Docker Hub KICS image was from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC. Afterwards, affected tags were restored to their legitimate digests, and the fake “v2.1.21” tag was deleted entirely. Restoring the tags does not clean up copies pulled during the window, however: a CI runner or registry mirror that cached the image then keeps serving it until the cache is purged.
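One way to act on that window, as an added example that is not code from the article, Socket or Checkmarx: the script below walks a pull log, picks out every checkmarx/kics pull (behind any registry or mirror prefix) and reports whether it landed inside the window, used the fake v2.1.21 tag, or was pulled by immutable digest. The pull-log format, the image references and the all-zero digest placeholder are constructed for the example; the window boundaries are the ones reported above, treated as inclusive.

```python
"""Flag pulls of the checkmarx/kics image that fell inside the published
compromise window.  Added example: not code from the article, Socket or
Checkmarx.  The pull-log format and the sample lines are constructed; the
window boundaries are the ones reported for the Docker Hub image."""
import re
from datetime import datetime, timezone

# Window reported for the Docker Hub image (UTC), treated as inclusive at both ends.
WINDOW_START = datetime(2026, 4, 22, 14, 17, 59, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 22, 15, 41, 31, tzinfo=timezone.utc)
FAKE_TAG = "v2.1.21"   # tag the attacker created; it never pointed at a legitimate build

# Constructed sample log, one pull per line: "<ISO-8601 UTC> pulled <image reference>".
SAMPLE_LOG = """\
2026-04-22T13:58:10Z pulled checkmarx/kics:latest
2026-04-22T14:20:33Z pulled checkmarx/kics:latest
2026-04-22T15:05:01Z pulled docker.io/checkmarx/kics:v2.1.21
2026-04-22T15:41:31Z pulled mirror.internal:5000/checkmarx/kics:v2.1.20
2026-04-22T16:02:45Z pulled checkmarx/kics:latest
2026-04-22T15:10:00Z pulled library/alpine:3.20
2026-04-22T15:12:00Z pulled checkmarx/kics@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""
PULL_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) pulled (?P<ref>\S+)$")

def split_ref(ref):
    """Split 'repo[:tag][@digest]' into (repo, tag, digest); a ':' before the
    last '/' is a registry port, not a tag separator."""
    repo, digest = (ref.split("@", 1) + [None])[:2]
    head, sep, tail = repo.rpartition("/")
    tag = None
    if ":" in tail:
        tail, tag = tail.split(":", 1)
    return head + sep + tail, tag, digest

def is_kics_repo(repo):
    """Match the canonical repository behind any registry or mirror prefix: a
    proxy cache that pulled through Docker Hub in the window is affected too."""
    return repo == "checkmarx/kics" or repo.endswith("/checkmarx/kics")

def classify_pull(ts, ref):
    """Verdict for one pull, or None if it is not checkmarx/kics."""
    repo, tag, digest = split_ref(ref)
    if not is_kics_repo(repo):
        return None
    if digest:
        return "verify-digest"      # immutable pull: affected only if this digest is the malicious one
    if tag == FAKE_TAG:
        return "fake-tag"           # compromised regardless of time
    # The article does not list which tags were repointed, so every tag pull
    # inside the window is treated as suspect.
    if WINDOW_START <= ts <= WINDOW_END:
        return "in-window"
    return "outside-window"

def parse_pull_events(log_text):
    """Return [(timestamp, image_ref)] for every line matching PULL_RE."""
    events = []
    for line in log_text.splitlines():
        m = PULL_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append((ts, m["ref"]))
    return events

def flag_pulls(log_text):
    """Return [(iso_timestamp, ref, verdict)] for every checkmarx/kics pull."""
    out = []
    for ts, ref in parse_pull_events(log_text):
        verdict = classify_pull(ts, ref)
        if verdict:
            out.append((ts.isoformat(), ref, verdict))
    return out

def suspect_pulls(log_text):
    """The subset that should trigger secret rotation: in-window or fake-tag pulls."""
    return [r for r in flag_pulls(log_text) if r[2] in ("in-window", "fake-tag")]

if __name__ == "__main__":
    for ts, ref, verdict in flag_pulls(SAMPLE_LOG):
        print(f"{verdict:15} {ts}  {ref}")
```

Pulls by digest are reported as "verify-digest" rather than cleared: the article does not publish the malicious digest, so the only sound check is to compare the digest you ran against the one Checkmarx lists as legitimate.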
For developers, the immediate takeaway is practical rather than abstract: if you pulled the affected artifacts, assume secrets may have been exposed. Rotation is the recommended first move: revoke the old credentials, issue new ones, and rebuild environments from a known safe point rather than patching the compromised one in place. Misryoum also flags that this kind of attack doesn’t always produce obvious symptoms; it can stay hidden long enough to siphon data silently during a scan run.
The ripple effect is also worth understanding. KICS is often executed inside CI pipelines, local developer setups, or automated security checks. Those places frequently hold short-lived but powerful permissions, and many teams reuse credentials across workflows. A static scan step needs read access to the repository it scans and little else; the cloud credentials, deploy tokens and package-registry tokens that happen to be present in the same job are exactly what the malware was collecting. Even a brief supply-chain compromise can therefore turn a routine security scan into an unexpected credential collection event.
Misryoum notes that attribution remains cautious. While hackers calling themselves TeamPCP claimed a related campaign involving Trivy and LiteLLM, the researchers did not find enough evidence to connect the KICS compromise to it with confidence beyond pattern-based correlations. In the meantime, Checkmarx published a security bulletin stating that the malicious artifacts have been removed and that exposed credentials were revoked and rotated, while the company continues investigating with help from external experts.
From an operational standpoint, the guidance is clear. Misryoum reports that the recommendations include blocking access to the attacker’s endpoints, checkmarx.cx (91[.]195[.]240[.]123) and audit.checkmarx.cx (94[.]154[.]172[.]43); pinning artifacts by digest or commit SHA rather than by tag; reverting to known safe versions; and rotating secrets if any compromise is suspected or confirmed. Block the look-alike hostnames as well as the IP addresses: the hostnames are what the malware resolves, and an IP address can be changed by the attacker at any time.
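A small detection routine for those indicators, added here as an example and not code from the article, Socket or Checkmarx: it refangs the published values, then matches DNS query and proxy CONNECT lines on exact domain or subdomain (not bare substring, so checkmarx.com and notcheckmarx.cx are left alone) and on the two IP addresses. The log lines are constructed for the example; the indicators are the four quoted above.

```python
"""Match the egress indicators quoted in the Checkmarx guidance against DNS
and proxy log lines.  Added example: not code from the article, Socket or
Checkmarx.  The indicators are the two domains and two IPs named above
(defanged with '[.]' as published); the log lines are constructed."""
import ipaddress
import re

# Indicators as published (defanged), ordered longest-first so the most
# specific domain is the one reported for a hit.
DEFANGED_IOCS = (
    ("audit.checkmarx.cx", "94[.]154[.]172[.]43"),
    ("checkmarx.cx", "91[.]195[.]240[.]123"),
)

def refang(value):
    """Reverse the defanging used in advisories ('[.]' and 'hxxp')."""
    return value.replace("[.]", ".").replace("hxxp", "http")

IOC_DOMAINS = tuple(d for d, _ in DEFANGED_IOCS)
IOC_IPS = {ipaddress.ip_address(refang(ip)) for _, ip in DEFANGED_IOCS}

# Constructed sample lines: DNS query events and proxy CONNECT events.
SAMPLE_LOG = [
    "2026-04-22T14:25:03Z dns   10.0.3.14 query A checkmarx.cx",
    "2026-04-22T14:25:04Z proxy 10.0.3.14 -> 91.195.240.123:443 CONNECT checkmarx.cx:443",
    "2026-04-22T14:25:09Z dns   10.0.3.14 query A audit.checkmarx.cx",
    "2026-04-22T14:26:00Z proxy 10.0.3.15 -> 203.0.113.5:443 CONNECT checkmarx.com:443",
    "2026-04-22T14:26:10Z dns   10.0.3.16 query A notcheckmarx.cx",
    "2026-04-22T14:27:00Z proxy 10.0.3.17 -> 94.154.172.43:443 CONNECT api.telemetry.example:443",
]
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def domain_matches(host, ioc_domain):
    """Exact or subdomain match only: 'audit.checkmarx.cx' matches 'checkmarx.cx';
    'checkmarx.com' and 'notcheckmarx.cx' do not (no bare substring matching)."""
    host = host.lower().rstrip(".")
    return host == ioc_domain or host.endswith("." + ioc_domain)

def check_host(host):
    """Return the most specific matching IOC domain, or None."""
    return next((d for d in IOC_DOMAINS if domain_matches(host, d)), None)

def check_ip(value):
    """Return the IOC IP as a string if value is one of them, else None."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return None
    return str(ip) if ip in IOC_IPS else None

def scan_egress_log(lines):
    """Return [(line_no, kind, observed, matched_ioc)] for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(line):
            ioc = check_host(host)
            if ioc:
                hits.append((n, "domain", host.lower(), ioc))
        for ip in IP_RE.findall(line):
            ioc = check_ip(ip)
            if ioc:
                hits.append((n, "ip", ip, ioc))
    return hits

if __name__ == "__main__":
    for n, kind, observed, ioc in scan_egress_log(SAMPLE_LOG):
        print(f"line {n}: {kind} {observed} -> {ioc}")
```

A proxy line that carries both the hostname and the resolved address produces two hits, which is intentional: a DNS-only block would still let a client with a cached or hardcoded address connect, so both layers are worth watching.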
Safe versions were listed as: Docker Hub KICS v2.1.20, Checkmarx ast-github-action v2.3.36, Checkmarx VS Code extensions v2.64.0, and Checkmarx Developer Assist extension v1.18.0. For anyone running KICS as part of a workflow, the lesson is bigger than a single tool update: treat supply-chain verification as an ongoing control, not a one-time checkbox. Pin artifacts by digest or commit, limit token scope, and ensure scans run with the minimum secrets required for their task.
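To turn the version list and the pinning advice into a check that runs over CI configuration, as an added example that is not code from the article or from Checkmarx: the script below finds references to the checkmarx/kics image and the checkmarx/ast-github-action action in Dockerfile, compose and workflow lines and classifies each as pinned by digest or commit, floating on the listed safe version tag, floating on some other tag, or pointing at the fake v2.1.21 tag. The safe versions are the ones listed above; the sample lines and the all-zero digest and all-"a" commit placeholders are constructed. The VS Code and Developer Assist extension versions are not covered, since they are not declared in CI files.

```python
"""Audit CI configuration lines for Checkmarx artifacts that float on a tag or
reference the fake tag.  Added example: not code from the article or from
Checkmarx.  The safe versions are the ones listed in the article; the sample
lines and the digest/commit placeholders are constructed."""
import re

SAFE_VERSIONS = {
    "checkmarx/kics": "v2.1.20",               # Docker Hub image
    "checkmarx/ast-github-action": "v2.3.36",  # GitHub Action
}
FAKE_TAGS = {"checkmarx/kics": {"v2.1.21"}}    # attacker-created, since deleted

# Image reference anywhere in a line (FROM, image:, docker run): optional tag,
# optional digest; the lookahead stops 'checkmarx/kics-something' from matching.
IMAGE_RE = re.compile(
    r"checkmarx/kics(?::(?P<tag>[\w.-]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?(?![\w.\-/@:])"
)
# GitHub Actions step: uses: owner/repo@ref
ACTION_RE = re.compile(r"uses:\s*(?P<name>checkmarx/ast-github-action)@(?P<ref>\S+)")
COMMIT_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample: a Dockerfile line, compose/CI image lines, workflow steps.
SAMPLE_CI = [
    "FROM checkmarx/kics:latest",
    "    image: docker.io/checkmarx/kics:v2.1.21",
    "    image: checkmarx/kics:v2.1.20",
    "    image: checkmarx/kics@sha256:" + "0" * 64,            # placeholder digest
    "      - uses: checkmarx/ast-github-action@main",
    "      - uses: checkmarx/ast-github-action@v2.3.36",
    "      - uses: checkmarx/ast-github-action@" + "a" * 40,    # placeholder commit
    "      - uses: actions/checkout@v4",
]

def classify_ref(artifact, version, pinned):
    """pinned is the digest (image) or full commit SHA (action), if present."""
    if version in FAKE_TAGS.get(artifact, ()):
        return "fake-tag"           # never a legitimate build: treat as compromised
    if pinned:
        return "pinned"             # immutable, but confirm it is the digest/commit Checkmarx published
    if version == SAFE_VERSIONS[artifact]:
        return "safe-version-tag"   # right version today; a tag can be repointed again, so pin it
    return "unpinned"               # latest/main/other tag: floats to whatever the registry serves

def audit_lines(lines):
    """Return [(line_no, artifact, reference, verdict)] for every Checkmarx reference."""
    findings = []
    for n, line in enumerate(lines, 1):
        for m in IMAGE_RE.finditer(line):
            findings.append((n, "checkmarx/kics", m.group(0),
                             classify_ref("checkmarx/kics", m["tag"], m["digest"])))
        for m in ACTION_RE.finditer(line):
            pinned = m["ref"] if COMMIT_RE.fullmatch(m["ref"]) else None
            findings.append((n, m["name"], f"{m['name']}@{m['ref']}",
                             classify_ref(m["name"], m["ref"], pinned)))
    return findings

def needs_change(lines):
    """Everything that is not pinned: fix the fake tag first, then pin the rest."""
    return [f for f in audit_lines(lines) if f[3] != "pinned"]

if __name__ == "__main__":
    for n, artifact, ref, verdict in audit_lines(SAMPLE_CI):
        print(f"line {n}: {verdict:17} {ref}")
```

A "pinned" verdict only means the reference is immutable; which digest or commit is the legitimate one has to come from Checkmarx's published list, which the article does not reproduce.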