Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Attack Overview

Cybersecurity researchers at software supply chain security firm Socket have disclosed a coordinated supply chain attack targeting Checkmarx KICS — Keeping Infrastructure as Code Secure — an open-source static analysis tool widely used by developers and security teams to find misconfigurations in IaC files such as Terraform, CloudFormation, and Kubernetes manifests.

Unknown threat actors managed to overwrite existing tags on the official checkmarx/kics Docker Hub repository, replacing legitimate images with malicious payloads. Affected tags include v2.1.20 and the alpine variant — among the most commonly pulled versions by CI/CD pipelines.

Simultaneously, the campaign extended to VS Code extensions associated with Checkmarx, further expanding the attack surface to developer workstations and IDE environments.

What Was Compromised

Docker Hub Tag Hijack

The attackers did not create new images or fake repositories — instead, they overwrote existing, trusted tags on the verified checkmarx/kics Docker Hub account. This is a particularly dangerous attack vector because:

Developers and CI/CD pipelines that pin to specific tags (e.g., checkmarx/kics:v2.1.20) would automatically pull the malicious image on the next docker pull or pipeline run.
Docker's content trust mechanism is rarely enforced in practice, so the substitution could go undetected.
Many organizations trust official repository images without independently verifying image digests.

Tag Overwritten	Risk
`v2.1.20`	High — commonly pinned by CI/CD pipelines
`alpine`	High — popular lightweight variant for automated scans

VS Code Extension Compromise

The attack also targeted VS Code extensions linked to the Checkmarx ecosystem. Malicious extensions installed in developer IDEs could:

Silently exfiltrate source code, environment variables, and secrets
Inject malicious code into developer workstations
Pivot to cloud credentials stored in shell profiles or .env files

Who Is Affected

Any organization or individual that:

Runs KICS as a Docker container using the checkmarx/kics image from Docker Hub
Pins to the v2.1.20 or alpine tags
Has installed Checkmarx-related VS Code extensions
Uses KICS in automated CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.)

Security teams and DevSecOps engineers are particularly at risk, as KICS is often run with elevated access to infrastructure-as-code repositories containing cloud credentials and sensitive configuration.

Recommended Actions

Immediate Response

Stop pulling checkmarx/kics from Docker Hub until Checkmarx confirms the images are clean and provides verified SHA256 digests.
Audit your CI/CD pipeline logs — identify any recent runs that pulled checkmarx/kics:v2.1.20 or checkmarx/kics:alpine and treat the build environment as potentially compromised.
Rotate any secrets exposed in environments where the malicious image may have executed — cloud provider credentials, API keys, tokens in environment variables.
Remove and reinstall VS Code extensions from known-good, verified sources if you installed any Checkmarx extensions recently.

Verification

Use image digest pinning instead of mutable tags to prevent tag-hijack attacks:

# Instead of:
image: checkmarx/kics:v2.1.20
 
# Use a specific SHA256 digest:
image: checkmarx/kics@sha256:<verified-digest>

Always verify the digest against the official Checkmarx release page or GitHub repository before use.

Docker Content Trust

Enable Docker Content Trust to require signed images:

export DOCKER_CONTENT_TRUST=1
docker pull checkmarx/kics:v2.1.20

Note: This only protects you if the publisher signs images — verify that Checkmarx uses Docker Content Trust for KICS.

Broader Supply Chain Context

This attack follows a pattern of increasingly sophisticated supply chain compromises targeting security tooling — a high-value target because security tools often run with privileged access to sensitive infrastructure. Recent similar incidents include:

The Trivy supply chain attack (March 2026) that pushed an infostealer via hijacked GitHub Actions tags
The Axios npm supply chain attack (April 2026) attributed to North Korean group UNC1069
The Glassworm attack targeting VS Code extension and Python repository maintainers

The KICS attack is notable for targeting a security tool specifically — attackers who compromise KICS can intercept IaC scans and potentially suppress vulnerability findings while stealing infrastructure credentials.

Checkmarx Response

Checkmarx has been notified of the compromise via Socket's responsible disclosure process. Organizations should monitor the official Checkmarx security advisories page and the KICS GitHub repository for official guidance and clean image digests.

References

Attack Overview

Simultaneously, the campaign extended to VS Code extensions associated with Checkmarx, further expanding the attack surface to developer workstations and IDE environments.

What Was Compromised

Docker Hub Tag Hijack

Developers and CI/CD pipelines that pin to specific tags (e.g., checkmarx/kics:v2.1.20) would automatically pull the malicious image on the next docker pull or pipeline run.
Docker's content trust mechanism is rarely enforced in practice, so the substitution could go undetected.
Many organizations trust official repository images without independently verifying image digests.

Tag Overwritten	Risk
`v2.1.20`	High — commonly pinned by CI/CD pipelines
`alpine`	High — popular lightweight variant for automated scans

VS Code Extension Compromise

The attack also targeted VS Code extensions linked to the Checkmarx ecosystem. Malicious extensions installed in developer IDEs could:

Silently exfiltrate source code, environment variables, and secrets
Inject malicious code into developer workstations
Pivot to cloud credentials stored in shell profiles or .env files

Who Is Affected

Any organization or individual that:

Runs KICS as a Docker container using the checkmarx/kics image from Docker Hub
Pins to the v2.1.20 or alpine tags
Has installed Checkmarx-related VS Code extensions
Uses KICS in automated CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.)

Recommended Actions

Immediate Response

Stop pulling checkmarx/kics from Docker Hub until Checkmarx confirms the images are clean and provides verified SHA256 digests.
Audit your CI/CD pipeline logs — identify any recent runs that pulled checkmarx/kics:v2.1.20 or checkmarx/kics:alpine and treat the build environment as potentially compromised.
Rotate any secrets exposed in environments where the malicious image may have executed — cloud provider credentials, API keys, tokens in environment variables.
Remove and reinstall VS Code extensions from known-good, verified sources if you installed any Checkmarx extensions recently.

Verification

Use image digest pinning instead of mutable tags to prevent tag-hijack attacks:

# Instead of:
image: checkmarx/kics:v2.1.20
 
# Use a specific SHA256 digest:
image: checkmarx/kics@sha256:<verified-digest>

Always verify the digest against the official Checkmarx release page or GitHub repository before use.

Docker Content Trust

Enable Docker Content Trust to require signed images:

export DOCKER_CONTENT_TRUST=1
docker pull checkmarx/kics:v2.1.20

Note: This only protects you if the publisher signs images — verify that Checkmarx uses Docker Content Trust for KICS.

Broader Supply Chain Context

The Trivy supply chain attack (March 2026) that pushed an infostealer via hijacked GitHub Actions tags
The Axios npm supply chain attack (April 2026) attributed to North Korean group UNC1069
The Glassworm attack targeting VS Code extension and Python repository maintainers

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Attack Overview

What Was Compromised

Docker Hub Tag Hijack

VS Code Extension Compromise

Who Is Affected

Recommended Actions

Immediate Response

Verification

Docker Content Trust

Broader Supply Chain Context

Checkmarx Response

References

GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Why the Axios Attack Proves AI Is Mandatory for Supply Chain Security

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Attack Overview

What Was Compromised

Docker Hub Tag Hijack

VS Code Extension Compromise

Who Is Affected

Recommended Actions

Immediate Response

Verification

Docker Content Trust

Broader Supply Chain Context

Checkmarx Response

References

GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

Why the Axios Attack Proves AI Is Mandatory for Supply Chain Security