Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.
The last known clean release of Trivy on Docker Hub is 0.69.3.
The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.
"New image tags 0.69.5 and 0.69.6 were pushed on March 22 without corresponding GitHub releases or tags.
Both images contain indicators of compromise associated with the same TeamPCP infostealer observed in earlier stages of this campaign," Socket security researcher Philipp Burckhardt said.
The development comes in the wake of a supply chain compromise of Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, in which the threat actors used a compromised credential to push a credential stealer within trojanized versions of the tool and two related GitHub Actions, "aquasecurity/trivy-action" and "aquasecurity/setup-trivy."
The attack has had downstream impacts, with the attackers leveraging the stolen data to compromise dozens of npm packages to distribute a self-propagating worm known as CanisterWorm.
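The signal Burckhardt describes (image tags appearing on Docker Hub with no corresponding GitHub release) is something a defender can check for mechanically. The script below is an added example, not code from Socket, Aqua Security, or the article: it cross-references an image's tag list against the upstream release list, flags any versioned tag newer than the last known clean release, and classifies the image references a CI job or Dockerfile pins to. The two API responses are constructed samples shaped like Docker Hub's tag listing and GitHub's releases listing so the check runs offline; the versions are the ones named in the article, and the assumption that 0.69.4 had a GitHub release is the sample's, not the article's. The image name `example/scanner` is a placeholder.

```python
"""Cross-reference container image tags against upstream release tags.

Added example (not from the article). Detects the pattern described for the
Trivy image: tags pushed to the registry with no matching upstream release,
plus any tag newer than the last known clean version.
"""
import json
import re

# Constructed sample, shaped like Docker Hub's
# /v2/repositories/<namespace>/<repo>/tags response. Versions from the article.
DOCKERHUB_TAGS_JSON = json.dumps({
    "results": [
        {"name": "latest"},
        {"name": "0.69.3"},
        {"name": "0.69.4"},
        {"name": "0.69.5"},
        {"name": "0.69.6"},
    ]
})

# Constructed sample, shaped like GitHub's /repos/<owner>/<repo>/releases
# response. Including v0.69.4 here is an assumption made for the sample; the
# article only states that 0.69.5 and 0.69.6 lacked GitHub releases.
GITHUB_RELEASES_JSON = json.dumps([
    {"tag_name": "v0.69.3"},
    {"tag_name": "v0.69.4"},
])

LAST_KNOWN_CLEAN = "0.69.3"  # last clean Docker Hub release per the article

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(tag):
    """Return (major, minor, patch) for a semver tag, or None for tags like 'latest'."""
    m = SEMVER.match(tag)
    return tuple(int(x) for x in m.groups()) if m else None


def image_tags(dockerhub_json):
    """Tag names from a Docker Hub tag listing."""
    return [r["name"] for r in json.loads(dockerhub_json)["results"]]


def release_versions(github_json):
    """Parsed versions of every upstream GitHub release (the 'v' prefix is dropped)."""
    versions = (parse_version(r["tag_name"]) for r in json.loads(github_json))
    return {v for v in versions if v is not None}


def orphaned_tags(dockerhub_json, github_json):
    """Versioned image tags that have no matching upstream release."""
    released = release_versions(github_json)
    return sorted(
        t for t in image_tags(dockerhub_json)
        if parse_version(t) is not None and parse_version(t) not in released
    )


def tags_after_clean(dockerhub_json, last_clean=LAST_KNOWN_CLEAN):
    """Versioned image tags newer than the last known clean release."""
    clean = parse_version(last_clean)
    return sorted(
        t for t in image_tags(dockerhub_json)
        if parse_version(t) is not None and parse_version(t) > clean
    )


def assess_reference(image_ref, last_clean=LAST_KNOWN_CLEAN):
    """Classify an image reference as written in a FROM line or CI job.

    Returns 'digest-pinned' (immutable; a re-pushed tag cannot change it),
    'unversioned' (floating tag such as 'latest'), 'after-last-clean', or 'ok'.
    """
    if "@sha256:" in image_ref:
        return "digest-pinned"
    # Only the last path component can carry the tag; earlier ':' may be a registry port.
    last = image_ref.rsplit("/", 1)[-1]
    tag = last.rsplit(":", 1)[1] if ":" in last else "latest"
    v = parse_version(tag)
    if v is None:
        return "unversioned"
    return "after-last-clean" if v > parse_version(last_clean) else "ok"


if __name__ == "__main__":
    print("tags without an upstream release:", orphaned_tags(DOCKERHUB_TAGS_JSON, GITHUB_RELEASES_JSON))
    print("tags newer than last known clean:", tags_after_clean(DOCKERHUB_TAGS_JSON))
    for ref in ("example/scanner:0.69.3", "example/scanner:0.69.5", "example/scanner:latest"):
        print(ref, "->", assess_reference(ref))
```

Run against the embedded samples, the orphan check reports 0.69.5 and 0.69.6 only, while the last-known-clean check also reports 0.69.4; the two checks are complementary, since a tag with a legitimate-looking release can still be trojanized. For live use, replace the embedded JSON with the two API responses and treat anything other than `digest-pinned` on a critical job as a finding.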