Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

A Devastating Supply Chain Attack: Trivy Hack Spreads Infostealer via Docker



A devastating supply chain attack has left organizations vulnerable to exploitation via Docker and Kubernetes, highlighting the need for sound cloud security practices and a review of how the scanner is used in CI/CD pipelines. The attack, attributed to TeamPCP, has spread an infostealer via Trivy and compromised dozens of npm packages to distribute a self-propagating worm known as CanisterWorm.

  • A recent cyber attack exploited a vulnerability in Trivy to spread an infostealer via Docker.
  • The attackers compromised a credential to push a Trojanized version of Trivy, deploying a credential stealer within the Docker container.
  • The attack also compromised dozens of npm packages, distributing a self-propagating worm known as CanisterWorm.
  • A new wiper malware was triggered, spreading through SSH and exploiting exposed Docker APIs on port 2375 across the local subnet.
  • The attackers used a sophisticated approach, targeting Kubernetes and leveraging privilege escalation to deploy malicious containers.
  • Experts urge organizations to review their use of Trivy and avoid using affected versions due to the significant implications for cloud infrastructures.


A recent cyber attack has left the security community reeling, as malicious actors successfully exploited a vulnerability in the popular open-source vulnerability scanner Trivy to spread an infostealer via Docker. The attack, attributed to the threat actor known as TeamPCP, has far-reaching implications for organizations that rely on Docker and Kubernetes in their cloud infrastructures.

According to cybersecurity researchers, the attackers leveraged a compromised credential to push a Trojanized version of Trivy, which then deployed a credential stealer within the Docker container. The infostealer, also known as TeamPCP, was observed in earlier stages of this campaign and has since been linked to various other malicious activities.

But that's not all: the attack has had downstream impacts, with the attackers leveraging the stolen data to compromise dozens of npm packages and distribute a self-propagating worm known as CanisterWorm. The incident is believed to be the work of TeamPCP, who have built a reputation for targeting cloud infrastructures and exploiting vulnerabilities in containerization platforms.

Most alarming is that the attack has also triggered a new wiper malware that spreads through SSH via stolen keys and exploits exposed Docker APIs on port 2375 across the local subnet. The wiper's shell script uses the same ICP canister linked to CanisterWorm and then runs checks to identify Iranian systems, indicating a level of sophistication that is unprecedented in the world of cyber attacks.

"On Kubernetes: deploys privileged DaemonSets across every node, including control plane," said Aikido security researcher Charlie Eriksen. "Iranian nodes get wiped and force-rebooted via a container named 'kamikaze.' Non-Iranian nodes get the CanisterWorm backdoor installed as a systemd service. Non-K8s Iranian hosts get 'rm -rf / --no-preserve-root.'"
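As an added defensive example (not code from the article or from any of the vendors quoted), the following script audits DaemonSet manifests for the traits Eriksen describes: privileged containers, tolerations that admit the pod to control-plane nodes, hostPath mounts that reach the node's root filesystem or systemd unit directory, and shared host namespaces. It reads the JSON shape `kubectl get daemonsets -A -o json` returns; the sample manifests, image names and DaemonSet names below are constructed for illustration.

```python
import json

CONTROL_PLANE_TAINTS = {"node-role.kubernetes.io/control-plane", "node-role.kubernetes.io/master"}
# hostPath prefixes that let a pod rewrite the node itself (unit files, root home, Docker socket)
SENSITIVE_HOST_PATHS = ("/etc/systemd", "/root", "/var/run/docker.sock")


def audit_daemonset(ds):
    """Return finding strings for one DaemonSet object in kubectl's JSON shape."""
    spec = ds["spec"]["template"]["spec"]
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"privileged container {c['name']}")
    for tol in spec.get("tolerations", []):
        # an empty key with operator Exists tolerates every taint, control plane included
        if tol.get("key") in CONTROL_PLANE_TAINTS or (not tol.get("key") and tol.get("operator") == "Exists"):
            findings.append("tolerates control-plane taints")
            break
    for vol in spec.get("volumes", []):
        path = vol.get("hostPath", {}).get("path", "")
        if path == "/" or path.startswith(SENSITIVE_HOST_PATHS):
            findings.append(f"hostPath mount of {path}")
    if spec.get("hostPID") or spec.get("hostNetwork"):
        findings.append("shares host PID or network namespace")
    return findings


def audit_all(ds_list_json):
    """Map namespace/name of every DaemonSet to its findings ([] means clean)."""
    items = json.loads(ds_list_json)["items"]
    return {f"{d['metadata'].get('namespace', 'default')}/{d['metadata']['name']}": audit_daemonset(d)
            for d in items}


# Constructed sample: a benign log shipper plus a DaemonSet showing the traits quoted above.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "log-shipper", "namespace": "logging"},
     "spec": {"template": {"spec": {
         "containers": [{"name": "shipper", "image": "example/shipper:1"}],
         "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}]}}}},
    {"metadata": {"name": "node-agent", "namespace": "kube-system"},
     "spec": {"template": {"spec": {
         "hostPID": True,
         "tolerations": [{"operator": "Exists"}],
         "containers": [{"name": "agent", "image": "example/agent:1",
                         "securityContext": {"privileged": True}}],
         "volumes": [{"name": "host", "hostPath": {"path": "/"}},
                     {"name": "units", "hostPath": {"path": "/etc/systemd/system"}}]}}}},
]})
```

Run `audit_all` over the live cluster output and treat any DaemonSet that combines a privileged container, a control-plane toleration and a root or systemd hostPath as a priority for review, since that combination is what the quoted behaviour requires.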

The attack has significant implications for organizations that use Trivy in their CI/CD pipelines, and experts are urging them to review their use of Trivy and avoid using affected versions.

"This compromise demonstrates the long tail of supply chain attacks," said OpenSourceMalware. "A credential harvested during the Trivy GitHub Actions compromise months ago was weaponized today to deface an entire internal GitHub organization. The Argon-DevOps-Mgt service account — a single bot account bridging two orgs with a long-lived PAT — was the weak link."

The attack also highlights the importance of sound cloud security practices, particularly when it comes to containerization and Kubernetes. It's a stark reminder that even the most seemingly secure platforms can be vulnerable to exploitation if not properly secured.

"From cloud exploitation to supply chain worms to Kubernetes wipers, they are building capability and targeting the security vendor ecosystem itself," said OpenSourceMalware. "The irony of a cloud security company being compromised by a cloud-native threat actor should not be lost on the industry."



Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Devastating-Supply-Chain-Attack-Trivy-Hack-Spreads-Infostealer-via-Docker-ehn.shtml
  • https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html
  • https://arstechnica.com/security/2026/03/widely-used-trivy-scanner-compromised-in-ongoing-supply-chain-attack/
  • https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
  • https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html
  • https://research.jfrog.com/post/canister-worm/
  • https://socket.dev/blog/canisterworm-npm-publisher-compromise-deploys-backdoor-across-29-packages
  • https://any.run/report/1edba3c8ffd65e1009fea540bc6eafcd34e3a41970e56339f479addb9c3288c4/18ed793b-8857-481f-a37e-98ba1e84eef2
  • https://cstromblad.com/posts/threat-actor-profile-teampcp/
  • https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromise


Published: Mon Mar 23 04:41:49 2026 by llama3.2 3B Q4_K_M
