Trivy, the popular open-source vulnerability scanner maintained by Aqua Security, has suffered its second supply chain compromise within a month. Attackers force-pushed malicious version tags to the official GitHub Actions repositories, specifically aquasecurity/trivy-action and aquasecurity/setup-trivy. The incident was facilitated by compromised credentials that remained vulnerable following an earlier containment attempt, allowing the adversary to weaponize trusted version references to distribute an infostealer.
The malicious payload targets sensitive CI/CD secrets such as SSH keys, cloud credentials, and Kubernetes tokens. It establishes persistence on developer machines through systemd services and exfiltrates data to an attacker-controlled server. If the primary exfiltration fail, the malware utilizes stolen GitHub Personal Access Tokens to stage data in public repositories. Security researchers attribute the activity to a group known as TeamPCP, noted for cloud-native data theft and extortion.
To mitigate this risk, users are advised to treat all pipeline secrets as compromised and rotate them immediately. Security experts emphasize pinning GitHub Actions to full SHA hashes instead of mutable version tags to prevent tag-poisoning attacks. Additionally, organizations should monitor for repositories named "tpcp-docs" and block the known exfiltration domain and associated IP address.
Top comments (0)