The Trivy vulnerability scanner was compromised in a supply-chain attack that trojanized the v0.69.4 release and multiple trivy-action GitHub Actions to distribute credential-stealing malware. Researchers link the campaign to TeamPCP, which exfiltrated harvested secrets to a typosquatted C2 or public GitHub repos, established persistence, and later spread a self-propagating npm worm named CanisterWorm. #Trivy #TeamPCP
Keypoints
- A supply-chain compromise of Trivy v0.69.4 and related GitHub Actions delivered credential-stealing malware to users.
- Attackers trojanized entrypoint.sh and published malicious binaries, force-pushing 75 of 76 tags in the trivy-action repository.
- The infostealer harvested SSH keys, cloud and CI/CD credentials, environment files, TLS keys, and other secrets, then exfiltrated them to a typosquatted C2 or a public tpcp-docs repo.
- Threat actor TeamPCP reused previously exfiltrated credentials to publish releases and achieved persistence via a systemd Python service on compromised hosts.
- The same actor later deployed CanisterWorm to propagate through npm packages using stolen npm tokens and decentralized ICP canisters for C2.
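As an added defensive example (not part of the original report), the script below audits GitHub workflow text for Actions referenced by a mutable tag or branch rather than a full commit SHA; pinning to a SHA is what blunts a force-pushed-tag attack like the one described above. The sample workflow is constructed, and the watch list assumes the action's identifier is aquasecurity/trivy-action.

```python
"""Audit GitHub workflow files for Actions pinned to mutable refs.

Added example, not code from the original report or from the Trivy project.
Because the incident involved force-pushed tags, any workflow that references
the action by tag or branch could silently pull a trojanized version; a full
40-hex commit SHA cannot be rewritten that way.
"""
import re

# Matches `uses: owner/repo[/path]@ref` (assumption: one `uses:` per line).
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+)(/[^@'\"\s]+)?@([^'\"\s#]+)", re.M
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_mutable_pins(workflow_text, watch=("aquasecurity/trivy-action",)):
    """Return (action, ref, severity) for each action not pinned to a full SHA.

    severity is "high" for actions in `watch` (repos known to have had their
    tags rewritten) and "medium" for any other mutable reference.
    """
    findings = []
    for m in USES_RE.finditer(workflow_text):
        action, ref = m.group(1), m.group(3)
        if SHA_RE.match(ref):
            continue  # immutable commit pin: a force-pushed tag cannot move it
        findings.append((action, ref, "high" if action in watch else "medium"))
    return findings


# Constructed sample workflow for demonstration only.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: aquasecurity/trivy-action@0.28.0      # mutable tag
      - uses: aquasecurity/trivy-action@master      # mutable branch
      - uses: docker/login-action@v3
"""

if __name__ == "__main__":
    for action, ref, sev in find_mutable_pins(SAMPLE_WORKFLOW):
        print(f"[{sev}] {action}@{ref}: pin to a full commit SHA instead")
```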