Trivy, Aqua Security's vulnerability scanner, was compromised again: malicious releases and force-pushed tags in the aquasecurity/trivy-action and aquasecurity/setup-trivy GitHub Actions delivered a Python-based infostealer, exposing CI/CD secrets and developer credentials. The payload harvests environment variables and tokens, tries to exfiltrate data to scan.aquasecurtiy[.]org or stages it in a public tpcp-docs repository as a fallback, and investigators tie the activity to hackerbot-claw and possibly TeamPCP. #Trivy #AquaSecurity #GitHubActions #TeamPCP #hackerbot-claw
Key points
- Attackers force-pushed 75 tags in aquasecurity/trivy-action and seven tags in aquasecurity/setup-trivy to distribute a Python infostealer payload.
- The malicious code harvests environment variables, credentials, SSH keys, cloud tokens, and crypto wallet data from GitHub Actions runners.
- The stealer exfiltrates data to scan.aquasecurtiy[.]org, sets persistence via a systemd service, and can fall back to staging stolen data in a public tpcp-docs repo using captured PATs.
- This incident follows an earlier compromise by hackerbot-claw that abused a pull_request_target workflow to steal a PAT and enable repository takeover.
- Mitigations include rotating all pipeline secrets, pinning GitHub Actions to full SHA hashes, blocking the exfiltration domain/IP, and auditing accounts for tpcp-docs repositories.
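The force-pushed tags work because a `uses:` reference such as `aquasecurity/trivy-action@v0.x` or `@main` resolves to whatever commit the tag or branch points at today, so re-tagging silently swaps the code every consumer runs. The pinning mitigation above replaces the mutable ref with a full 40-character commit SHA, which cannot be moved. The following is an added example written for this summary, not code from the article or from Aqua Security: it scans a constructed GitHub Actions workflow for `uses:` entries that are not pinned to a full commit SHA, and rewrites them given a caller-supplied mapping of mutable refs to SHAs (the mapping would normally come from `git ls-remote` or the GitHub API, which is assumed and not performed here; the SHA values in the sample are placeholders).

```python
import re

# Constructed sample workflow (not from the page). It mixes a mutable tag,
# a branch ref, a full-SHA pin, a local action and a floating Docker tag.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/setup-trivy@main
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567 # v0.x (placeholder SHA)
        with:
          scan-type: fs
      - uses: ./.github/actions/local-step
      - uses: docker://ghcr.io/example/image:latest
"""

# Matches "uses: <ref>" whether or not the line starts a list item; stops at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref):
    """Classify a single uses: value as 'local', 'sha' (immutable) or 'mutable'."""
    if ref.startswith("./"):
        return "local"                      # in-repo action, versioned with the calling repo
    if ref.startswith("docker://"):
        # A Docker image is only immutable when pinned by content digest.
        return "sha" if "@sha256:" in ref else "mutable"
    if "@" not in ref:
        return "mutable"                    # no ref at all resolves to the default branch
    _, _, version = ref.rpartition("@")
    return "sha" if FULL_SHA_RE.match(version) else "mutable"


def find_unpinned(workflow_text):
    """Return (line_number, ref) pairs for uses: entries that a force-pushed tag could redirect."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((lineno, m.group(1)))
    return findings


def pin_workflow(workflow_text, resolved):
    """Rewrite mutable refs to full SHAs using a caller-supplied {ref: sha} mapping.

    The original tag/branch is kept as a trailing comment so reviewers and
    update tooling can still see which version the SHA was meant to be.
    """
    out = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m and m.group(1) in resolved:
            ref = m.group(1)
            name, _, version = ref.rpartition("@")
            if not name:                    # ref had no "@": pin the default branch
                name, version = ref, "default-branch"
            line = line.replace(ref, f"{name}@{resolved[ref]} # {version}", 1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a full commit SHA")
```

Running the check in CI (or as a pre-merge lint) turns the pinning mitigation into something enforceable rather than a one-off cleanup. Note that pinning only guarantees the code is what was reviewed at pin time; the SHA still has to be bumped deliberately when a genuine new release of the action is wanted, which is exactly the review opportunity a moving tag takes away.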
Read More: https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html