Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html

Publish Date: 2026-03-23 04:31:00

Source Domain: thehackernews.com

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.

The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.

“New image tags 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags. Both images contain indicators of compromise associated with the same TeamPCP infostealer observed in earlier stages of this campaign,” Socket security researcher Philipp Burckhardt said.
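The tag-versus-release mismatch Socket describes is a check a consumer can run themselves. The example below is added here and is not code from the article, Socket, or the Trivy project; the tag lists, release list and version numbers are constructed sample data shaped after the versions the article names (0.69.3 as last known clean, 0.69.4 as a tagged release, 0.69.5 and 0.69.6 as registry-only tags).

```python
from typing import Iterable

def parse_version(tag: str) -> tuple[int, ...]:
    """Turn '0.69.5' or 'v0.69.5' into a comparable tuple; raises ValueError
    for non-semver tags such as 'latest'."""
    return tuple(int(p) for p in tag.lstrip("v").split("."))

def suspicious_tags(registry_tags: Iterable[str],
                    release_tags: Iterable[str],
                    last_known_clean: str) -> dict[str, list[str]]:
    """Flag registry tags that (a) have no matching upstream release tag and
    (b) are newer than the last release an operator has verified as clean.
    Both lists are returned because the two checks catch different cases."""
    releases = {parse_version(t) for t in release_tags}
    clean = parse_version(last_known_clean)
    orphaned: list[str] = []   # image tag exists, no upstream release
    newer: list[str] = []      # anything past the verified-clean version
    for tag in registry_tags:
        try:
            v = parse_version(tag)
        except ValueError:
            continue  # 'latest' and similar floating tags carry no version
        if v not in releases:
            orphaned.append(tag)
        if v > clean:
            newer.append(tag)
    return {"no_upstream_release": orphaned, "newer_than_clean": newer}

# Constructed sample data modelled on the article (not live registry output).
REGISTRY_TAGS = ["latest", "0.69.3", "0.69.4", "0.69.5", "0.69.6"]
GITHUB_RELEASES = ["v0.69.3", "v0.69.4"]
LAST_KNOWN_CLEAN = "0.69.3"

if __name__ == "__main__":
    print(suspicious_tags(REGISTRY_TAGS, GITHUB_RELEASES, LAST_KNOWN_CLEAN))
```

Note that the release-correspondence check alone flags only 0.69.5 and 0.69.6; the trojanized 0.69.4 had a matching release, which is why pinning to a verified image digest rather than trusting a tag is the stronger control.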

The development comes in the wake of a supply chain compromise of Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, which allowed the threat actors to use a compromised credential to push a credential stealer inside trojanized versions of the tool and two related GitHub Actions, “aquasecurity/trivy-action” and “aquasecurity/setup-trivy.”

The attack has had downstream impacts, with the attackers leveraging the stolen data to compromise dozens of npm packages to distribute a self-propagating worm known as CanisterWorm. The incident is believed to be the work of a threat actor tracked as TeamPCP.

According to the OpenSourceMalware team, the attackers have defaced all 44 internal repositories associated with Aqua Security’s “aquasec-com” GitHub organization by renaming each of them with a “tpcp-docs-” prefix, setting all descriptions to “TeamPCP Owns Aqua Security,” and exposing them publicly.

It’s worth noting that the “aquasec-com” account is distinct from the cloud security vendor’s other well-known GitHub organization account, “aquasecurity,” which hosts the impacted Trivy scanner and GitHub Actions, along with various open-source projects. The newly compromised organization contains proprietary source code, including source code for Tracee, internal Trivy forks, CI/CD pipelines,…