www.securityweek.com 3/23/2026, 2:08:50 PM

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

SecurityWeek reports that Aqua Security’s Trivy vulnerability scanner was hit by a supply chain attack that began in late February, with a malicious release and forced tag changes across Trivy’s ecosystem. On 1 March, Trivy’s maintainers announced that the project’s GitHub repository had been compromised via a GitHub Actions workflow issue, leading to deleted releases and malicious versions of the VS Code extension being published to Open VSX.

The attack was part of a larger automated campaign that targeted multiple open source repositories, and credentials exfiltrated during the incident were later used in a fresh supply chain attack on Trivy, trivy-action and setup-trivy, according to Aqua.

Aqua says the attacker deployed a compromised Trivy release (v0.69.4) to GitHub Container Registry, Amazon ECR Public and Docker Hub, and force-pushed 76 of 77 trivy-action tags to malicious commits; the malicious code was an information stealer capable of dumping Runner.Worker memory and exfiltrating secrets. The linked CanisterWorm activity, attributed to TeamPCP, extends into the npm ecosystem with numerous compromised packages, and Aqua notes that none of its commercial products that use Trivy were affected.

According to Aqua, the attack is ongoing, with suspicious March activity and a reminder to rotate credentials and check for specific indicators such as a tpcp-docs repository in GitHub.
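As an added defensive example (not code from Aqua, SecurityWeek or the Trivy project): a small checker that flags GitHub Actions steps referencing third-party actions by a mutable tag or branch, the kind of reference that the force-pushed trivy-action tags described above could silently redirect, whereas a full commit SHA cannot be re-pointed. The sample workflow and the 40-hex SHA in it are constructed placeholders, not real trivy-action commits.

```python
"""Flag `uses:` references in a GitHub Actions workflow that point at a
mutable tag or branch instead of a full 40-hex commit SHA.
Added example; sample workflow and SHA below are constructed placeholders."""
import re

# Matches `- uses: owner/repo@ref` or `uses: owner/repo@ref`, quoted or not.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(uses_value):
    """Return 'local', 'docker', 'sha', or 'mutable' for one uses: value."""
    if uses_value.startswith("./"):
        return "local"            # action shipped inside this repository
    if uses_value.startswith("docker://"):
        return "docker"           # image refs are checked by other tooling
    if "@" not in uses_value:
        return "mutable"          # no ref at all: follows the default branch
    ref = uses_value.rsplit("@", 1)[1]
    return "sha" if SHA_RE.match(ref) else "mutable"


def find_unpinned(workflow_text):
    """Return [(line_no, uses_value)] for every mutable third-party ref."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((n, m.group(1)))
    return findings


# Constructed sample; the SHA is a placeholder, not a real trivy-action commit.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy (tag ref, can be re-pointed by a force-push)
        uses: aquasecurity/trivy-action@0.28.0
      - name: Run Trivy (commit-pinned, immutable)
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-helper
"""

if __name__ == "__main__":
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a commit SHA")
```

Pinning to a SHA only removes the silent-redirect path; the pinned commit itself still has to be reviewed when it is chosen.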


Article by CyberSIXT
