Supply Chain Attack Targets Checkmarx Users Through Malicious Docker Images and Extensions

The attack leverages both malicious Docker images on Docker Hub and fake VS Code extensions, requiring developers to verify all artifacts before use.

CSBadmin

Attack Method: A Two-Pronged Approach

Attackers have compromised the software supply chain of Checkmarx, a prominent application security testing platform, by publishing malicious Docker images and Visual Studio Code extensions. The malicious KICS Docker images, available on Docker Hub, include backdoors that execute upon container startup. Simultaneously, fraudulent VS Code extensions on the marketplace mimic legitimate Checkmarx tools to hook developer environments.

Impact and Scope

The combined campaign affects developers who pull KICS Docker images without verifying signatures or install fake extensions. Successful exploitation could lead to credential theft, code exfiltration, and lateral movement within enterprise networks. No specific CVE identifiers have been assigned yet, but Checkmarx has released guidance to audit Docker image hashes and verify extension publishers. Organizations using KICS in CI/CD pipelines are advised to review their deployments immediately.
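The audit of image references described above can be scripted. The following is an added example, not code from Checkmarx or from the source article: it scans CI configuration text for KICS image references and flags any that are not pinned to a digest you have verified. The repository name `checkmarx/kics`, the digests, and the sample pipeline text are assumptions or constructed placeholders; take real digests from the vendor's guidance.

```python
import re

# Assumption: the image repository your pipelines pull; adjust as needed.
IMAGE_REPO = "checkmarx/kics"
# Constructed placeholder, not a real digest: fill in digests you have verified.
TRUSTED_DIGESTS = {"sha256:" + "a" * 64}

# Matches [docker.io/]checkmarx/kics[:tag][@sha256:<64 hex>] and nothing longer
# (so a repository such as checkmarx/kics-extra is not matched).
REF_RE = re.compile(
    r"(?<![\w./-])(?:docker\.io/)?" + re.escape(IMAGE_REPO)
    + r"(?::(?P<tag>\w[\w.-]{0,127}))?"
    + r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?(?![\w./-])"
)

def audit_image_refs(text, source="<input>"):
    """Return (source, line number, reference, status) for each image reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in REF_RE.finditer(line):
            digest = m.group("digest")
            if digest is None:
                status = "UNPINNED"        # a tag can be repointed to another image
            elif digest in TRUSTED_DIGESTS:
                status = "TRUSTED"
            else:
                status = "UNKNOWN_DIGEST"  # pinned, but not to a verified digest
            findings.append((source, lineno, m.group(0), status))
    return findings

# Constructed sample pipeline file; job names, script and tag are hypothetical.
SAMPLE_CI = """\
scan:
  image: checkmarx/kics:latest
  script: ./run-scan.sh
verify:
  image: docker.io/checkmarx/kics:v0.0.0@sha256:{good}
legacy:
  image: checkmarx/kics@sha256:{other}
""".format(good="a" * 64, other="b" * 64)

if __name__ == "__main__":
    for src, lineno, ref, status in audit_image_refs(SAMPLE_CI, "sample-ci.yml"):
        print(f"{src}:{lineno}: {status:15} {ref}")
```

Treat `UNPINNED` and `UNKNOWN_DIGEST` results as items to review against the vendor's published hashes before the next pipeline run.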

Source: The Hacker News
