Supply Chain Attack Targets Checkmarx KICS, Exposing Developer Secrets
A supply chain attack has compromised **Checkmarx**'s **KICS** (Keeping Infrastructure as Code Secure) analysis tool, impacting Docker images, VSCode extensions, and Open VSX extensions. The attack aimed to harvest sensitive data, including credentials and tokens, from developer environments. Users are urged to rotate secrets and update to the latest safe versions.

Hackers have successfully compromised **Docker** images, **VSCode**, and **Open VSX** extensions associated with the **Checkmarx KICS** analysis tool. The objective of this breach was to exfiltrate sensitive data directly from developer environments.
### What is KICS?
**KICS** (Keeping Infrastructure as Code Secure) is a free, open-source security scanner designed to help developers identify vulnerabilities within source code, dependencies, and configuration files. It is commonly used locally via CLI or **Docker**, processing sensitive infrastructure configurations that often contain credentials, tokens, and internal architecture details.
Dependency security company **Socket** initiated an investigation following an alert from **Docker** regarding malicious images pushed to the official `checkmarx/kics` **Docker Hub** repository.
The investigation revealed that the compromise extended beyond the trojanized **KICS Docker** image to **VS Code** and **Open VSX** extensions. These extensions downloaded a hidden 'MCP addon' feature, which was designed to fetch secret-stealing malware.
### The 'MCP Addon' Malware
**Socket** discovered that the 'MCP addon' feature downloaded a multi-stage credential theft component, named `mcpAddon.js`, from a hardcoded **GitHub** URL.
According to researchers, the malware specifically targets data processed by **KICS**, including **GitHub** tokens, cloud credentials for **AWS**, **Azure**, and **Google Cloud**, **npm** tokens, **SSH** keys, **Claude** configurations, and environment variables. The stolen data is then encrypted and exfiltrated to `audit.checkmarx[.]cx`, a domain impersonating legitimate **Checkmarx** infrastructure. Furthermore, the malware automatically creates public **GitHub** repositories for data exfiltration.
_[Image: Socket's analysis of the malicious 'MCP addon' component. Source: Socket]_
### Timeline of the Attack
It's crucial to note that the **Docker** tags were only temporarily repointed to a malicious digest, so the impact depends on when the images were pulled. The dangerous timeframe for the **Docker Hub KICS** image was from 2026-04-22 14:17:59 UTC to 2026-04-22 15:41:31 UTC.
Affected tags have been restored to their legitimate image digests, and the fake `v2.1.21` tag has been completely removed.
### Remediation Steps
Developers who downloaded the compromised images during the specified timeframe should consider their secrets compromised. Immediate actions include:
* Rotating all secrets as soon as possible.
* Rebuilding environments from a known safe point.
While the **TeamPCP** hackers, who claimed responsibility for the **Trivy** and **LiteLLM** supply-chain compromises, also claimed this attack, researchers have not found sufficient evidence to definitively attribute the attack beyond pattern-based correlations.
### Checkmarx's Response
**Checkmarx** has published a security bulletin regarding the incident, assuring users that all malicious artifacts have been removed, and their exposed credentials were revoked and rotated. The company is actively investigating the incident with the assistance of external experts and has promised further updates.
Users of the compromised tool are advised to:
* Block access to `checkmarx[.]cx` (`91[.]195[.]240[.]123`) and `audit.checkmarx[.]cx` (`94[.]154[.]172[.]43`).
* Use pinned SHAs.
* Revert to known safe versions.
* Rotate secrets and credentials if compromise is suspected or confirmed.
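The following script is an added example written for this article, not code from Checkmarx or Socket. It turns the advice above into two concrete checks a defender can run offline: it scans proxy or DNS log lines for the two indicator domains and IPs the bulletin lists (a hit on a line with a timestamp inside the malicious-tag window is the strongest signal), and it flags `FROM checkmarx/kics:<tag>` lines in a Dockerfile that are not pinned to a `@sha256:` digest. The log lines and Dockerfile are constructed sample input, and the digest shown is a placeholder, not the real known-good digest.

```python
"""Defender-side checks for the Checkmarx KICS supply-chain incident.

Added example, not from the article or from Checkmarx/Socket. Indicators and the
time window come from the article; all log lines and Dockerfile text are constructed.
"""
import re
from datetime import datetime, timezone

# Indicators from the bulletin, written undefanged so they match real log data.
IOC_DOMAINS = {"checkmarx.cx", "audit.checkmarx.cx"}
IOC_IPS = {"91.195.240.123", "94.154.172.43"}

# Window during which the Docker Hub tags pointed at the malicious digest (UTC).
WINDOW_START = datetime(2026, 4, 22, 14, 17, 59, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 4, 22, 15, 41, 31, tzinfo=timezone.utc)

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def find_ioc_hits(lines):
    """Return (line_number, indicator) pairs for every log line mentioning an IoC."""
    hits = []
    for n, line in enumerate(lines, 1):
        for dom in DOMAIN_RE.findall(line):
            d = dom.lower()
            # Exact match or any subdomain of a listed domain.
            if d in IOC_DOMAINS or any(d.endswith("." + x) for x in IOC_DOMAINS):
                hits.append((n, d))
        for ip in IP_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((n, ip))
    return hits


def pulled_in_window(iso_timestamp):
    """True if an ISO-8601 pull/activity timestamp falls inside the malicious-tag window."""
    ts = datetime.fromisoformat(iso_timestamp.replace("Z", "+00:00"))
    return WINDOW_START <= ts <= WINDOW_END


FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", re.I | re.M)


def image_name(ref):
    """Strip any @digest and :tag from an image reference, keeping a registry prefix."""
    ref = ref.split("@", 1)[0]
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    # A colon only denotes a tag if it appears after the last slash (registry:port otherwise).
    return ref[:colon] if colon > last_slash else ref


def find_unpinned_images(dockerfile_text, repo="checkmarx/kics"):
    """Return FROM references to `repo` that carry no @sha256: digest pin."""
    unpinned = []
    for ref in FROM_RE.findall(dockerfile_text):
        name = image_name(ref)
        if (name == repo or name.endswith("/" + repo)) and "@sha256:" not in ref:
            unpinned.append(ref)
    return unpinned


# Constructed sample proxy log; the second and third lines are the kind of hit to look for.
SAMPLE_PROXY_LOG = [
    "2026-04-22T15:02:11Z CONNECT registry-1.docker.io:443 200",
    "2026-04-22T15:03:40Z POST https://audit.checkmarx.cx/api/upload 200",
    "2026-04-22T15:03:41Z CONNECT 94.154.172.43:443 200",
    "2026-04-22T15:10:00Z GET https://checkmarx.com/docs 200",
]

# Constructed Dockerfile; the sha256 value is a placeholder, not the real digest.
SAMPLE_DOCKERFILE = """
FROM checkmarx/kics:v2.1.20
FROM docker.io/checkmarx/kics:v2.1.20@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM python:3.12-slim
"""

if __name__ == "__main__":
    for line_no, indicator in find_ioc_hits(SAMPLE_PROXY_LOG):
        stamp = SAMPLE_PROXY_LOG[line_no - 1].split()[0]
        flag = " (inside malicious-tag window)" if pulled_in_window(stamp) else ""
        print(f"line {line_no}: IoC {indicator}{flag}")
    for ref in find_unpinned_images(SAMPLE_DOCKERFILE):
        print(f"unpinned image reference: {ref}")
```

Pin by digest rather than tag because a tag is a mutable pointer: the incident worked precisely by repointing existing tags to a malicious digest for roughly 84 minutes, and a `FROM checkmarx/kics:v2.1.20@sha256:<digest>` line would have refused anything but the image you reviewed.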
The latest safe versions of the compromised projects are:
* **DockerHub KICS**: v2.1.20
* **Checkmarx** ast-github-action: v2.3.36
* **Checkmarx VS Code** extensions: v2.64.0
* **Checkmarx** Developer Assist extension: v1.18.0