Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。首先，我得仔细阅读文章，理解其主要内容。文章主要讲的是网络安全研究人员警告恶意图像被推送到官方的“checkmarx/kics”Docker Hub仓库。Socket公司指出，未知威胁行为者覆盖了现有标签，并引入了一个新的v2.1.21标签。这些被污染的镜像包含了数据收集和外泄的能力，导致使用KICS扫描基础设施代码的团队面临风险。此外，相关的Checkmarx开发工具也可能受到影响，比如微软的Visual Studio Code扩展版本中存在恶意代码。文章还提到这可能是一个更广泛的供应链妥协的一部分。接下来，我需要将这些信息浓缩到100字以内，确保涵盖主要事件：恶意镜像、影响范围、风险以及供应链问题。同时，避免使用“文章内容总结”之类的开头语。可能的结构是：描述事件发生、影响、风险以及可能的更大背景。这样可以确保信息全面且简洁。最后，检查字数是否在限制内，并确保语言流畅自然。 </think> 网络安全研究人员警告称，恶意图像被推送到官方"checkmarx/kics" Docker Hub仓库。攻击者覆盖了现有标签并添加了新的未发布版本标签。被污染的镜像包含非法数据收集和外泄功能，可能导致团队在扫描基础设施代码时泄露敏感信息。此外，相关Checkmarx开发工具也可能受到影响。 2026-4-22 17:55:0 Author: thehackernews.com(查看原文) 阅读量:13 收藏

Cloud Security / Software Security

Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository.

In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that does not correspond to an official release. The Docker repository has been archived as of writing.

"Analysis of the poisoned image indicates that the bundled KICS binary was modified to include data collection and exfiltration capabilities not present in the legitimate version," Socket said.

"The malware could generate an uncensored scan report, encrypt it, and send it to an external endpoint, creating a serious risk for teams using KICS to scan infrastructure-as-code files that may contain credentials or other sensitive configuration data."

Further analysis of the incident has uncovered that related Checkmarx developer tooling may also have been affected, such as recent Microsoft Visual Studio Code extension releases that come with malicious code to download and run a remote addon through the Bun runtime.

"The behavior appeared in versions 1.17.0 and 1.19.0, was removed in 1.18.0, and relied on a hardcoded GitHub URL to fetch and run additional JavaScript without user confirmation or integrity verification," Socket added.

Organizations that may have used the affected KICS image to scan Terraform, CloudFormation, or Kubernetes configurations should treat any secrets or credentials exposed to those scans as likely compromised.

"The evidence suggests this is not an isolated Docker Hub incident, but part of a broader supply chain compromise affecting multiple Checkmarx distribution channels," the company noted.

The Hacker News has contacted Checkmarx for further information, and we will update the story if we hear back.

(This is a developing story. Please check back for more details.)

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2026/04/malicious-kics-docker-images-and-vs.html
如有侵权请联系:admin#unsafe.sh