A major supply chain attack is escalating. After the recent compromise of the GitHub aquasecurity/trivy-action repository, Socket's threat researchers have identified a dangerous new stage: the attackers have now pushed compromised Trivy builds directly to Docker Hub.
This development puts a large number of organizations at risk, because Trivy is a widely used open-source security scanner that developers run inside automated pipelines to find vulnerabilities.

Following the compromised versions and the malware

On March 22 the attack entered a new phase when the attackers pushed two new image tags, 0.69.5 and 0.69.6, to Docker Hub. No official release on GitHub matches either tag.
Even more worrying, the default "latest" tag on Docker Hub now resolves to version 0.69.6. Researchers analyzed the malicious images and confirmed that they carry the same malicious code seen earlier in this campaign.

Trivy Attack Hits DockerHub (Source: Socket)

The TeamPCP infostealer is the biggest threat.
This kind of malware is designed to slip into systems and quietly steal sensitive data such as passwords, security tokens, and API keys. The attackers deliberately misspelled a domain so that it resembles a legitimate Aqua Security website. Researchers also found stolen-data files named payload.enc and tpcp.tar.gz, along with hidden code that points to a backup GitHub repository called tpcp-docs.
To help security teams respond, here is a clear summary of the recently affected versions.

Trivy versions: current status of each version

Version   Status        Technical information
0.69.3    Safe          Still the last known safe and clean release.
0.69.4    Compromised   The first malicious release; it has since been taken down.
0.69.5    Compromised   A new malicious Docker image that the attackers pushed directly.
0.69.6    Compromised   The most recent malicious Docker image, currently served as "latest" on the platform.

Wider Effects and Immediate Security Steps

This incident may have a much broader impact than first thought.
Paul McCarty, a security researcher, said that the main Aqua Security GitHub organization seemed to be open during the attack.
This alarming detail suggests that the attackers briefly made private repositories publicly visible. While the exact scope of that exposure is still under investigation, it is clear that the attackers gained deep access. According to Socket's research, a search for Trivy on Docker Hub returns thousands of related images.
Some of these are official builds and continuous integration tooling, and many are custom versions built by third-party developers. These third-party images are not inherently unsafe, but they carry a hidden risk: any system that automatically pulled or rebuilt itself against the affected Trivy versions during the attack window may now contain the malicious code. This sends a dangerous ripple through the software supply chain.
Every organization that uses Trivy needs to audit its development pipelines immediately. Security teams should avoid the affected versions entirely and treat any recent automated scans as potentially compromised. By acting quickly, companies can protect their sensitive internal data from the TeamPCP infostealer.
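One way to start the pipeline audit described above, as an added example that is not code from the article, Socket, or Aqua Security: a small POSIX shell helper that finds Docker image references to Trivy in a pipeline file and classifies them against the version table reported above. It assumes the Docker Hub image in question is aquasec/trivy, and the sample pipeline lines it scans are constructed for the demonstration.

```shell
#!/bin/sh
# Added audit helper; not code from the article, Socket, or Aqua Security.
# Assumes the Docker Hub image in question is "aquasec/trivy" and uses the tag
# statuses the article lists: 0.69.3 clean; 0.69.4, 0.69.5, 0.69.6 and "latest" bad.

# Classify one image reference; prints one word and always returns 0.
classify_trivy_ref() {
    ref="$1"
    case "$ref" in
        *aquasec/trivy|*aquasec/trivy:*|*aquasec/trivy@*) ;;
        *) echo "not-trivy"; return 0 ;;
    esac
    # A digest pin is immune to tag rewrites, but the digest itself still has
    # to be checked against a build from before the incident window.
    case "$ref" in
        *@sha256:*) echo "digest-pinned"; return 0 ;;
    esac
    last="${ref##*/}"                     # "trivy:0.69.3", or "trivy" when untagged
    case "$last" in
        *:*) tag="${last##*:}" ;;
        *)   tag="latest" ;;              # an untagged pull resolves to "latest"
    esac
    case "$tag" in
        0.69.4|0.69.5|0.69.6|latest) echo "compromised" ;;
        0.69.3)                      echo "safe" ;;
        *)                           echo "unknown" ;;
    esac
}

# Print "STATUS reference" for every aquasec/trivy reference found in a file
# (Dockerfile FROM lines, docker pull commands, CI image fields, and so on).
audit_pipeline_file() {
    grep -oE '[A-Za-z0-9.:/_-]*aquasec/trivy(:[A-Za-z0-9._-]+)?(@sha256:[0-9a-f]+)?' "$1" |
    while read -r ref; do
        printf '%s %s\n' "$(classify_trivy_ref "$ref")" "$ref"
    done
}

# Constructed sample of pipeline lines (not real pipeline data).
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
      image-ref: aquasec/trivy:0.69.3
FROM aquasec/trivy:latest AS scanner
RUN docker pull aquasec/trivy
RUN docker pull registry.example.internal:5000/aquasec/trivy:0.69.6
EOF

audit_pipeline_file "$SAMPLE"
```

Run it against real Dockerfiles and CI workflow files; every line marked "compromised" is a reference that pulled, or will pull, one of the malicious tags.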