Trivy Vulnerability Scanner - Backdoored with Credential Stealer
Basically, hackers added secret-stealing malware to a popular tool used by developers.
A serious breach has compromised the Trivy vulnerability scanner, injecting malware into its official releases. Thousands of developers are at risk as the attack targets CI/CD workflows. Immediate action is needed to rotate secrets and secure environments against potential supply chain attacks.
What Happened
Attackers have successfully compromised the Trivy vulnerability scanner, a widely used open-source tool developed by Aqua Security. They injected credential-stealing malware into official releases and GitHub Actions, affecting thousands of CI/CD workflows. This breach poses a significant risk, as it could lead to a cascade of additional supply-chain compromises if impacted projects and organizations do not act quickly to rotate their secrets.
The attack was disclosed by Trivy maintainers, who traced it back to an earlier compromise that exploited insecure GitHub Actions. Security firms like Socket and Wiz found that the attackers returned to Trivy's environment due to incomplete credential rotations after the initial breach, allowing them to introduce malicious commits into the project.
Who's Affected
The compromise affects numerous developers and organizations using Trivy for vulnerability scanning in their CI/CD pipelines. With over 32,000 GitHub stars and more than 100 million downloads from Docker Hub, the potential impact is vast. Developers relying on the compromised components—trivy-action, setup-trivy, and the Trivy binary itself—face a heightened risk of credential theft.
The attackers manipulated three components of the Trivy project, overwriting 75 out of 76 version tags in trivy-action with malicious code. This means that anyone using these tags in their workflows could inadvertently execute the attackers' code, leading to severe security implications.
What Data Was Exposed
Once the malicious binary is executed, it runs both the legitimate Trivy service and the malicious code simultaneously. The malware is designed to extract sensitive information, including SSH keys, cloud provider credentials, Kubernetes tokens, and Docker registry configurations. The stolen data is encrypted and sent to a domain that mimics Aqua Security's legitimate site, or, if that fails, uploaded to a public repository created on the victim's GitHub account.
Additionally, the malware installs a persistent Python dropper on developer machines, connecting to an attacker-controlled server every five minutes to fetch additional payloads. This creates a long-term risk for affected developers and organizations.
What You Should Do
Organizations using Trivy must act immediately. If you suspect running a compromised version, treat all pipeline secrets as compromised and rotate them without delay. Security teams should also search their GitHub accounts for any repositories named tpcp-docs, as this indicates successful data exfiltration.
To mitigate risks, pin GitHub Actions to full commit SHA hashes instead of version tags to prevent tag manipulation attacks. The unaffected versions include Trivy v0.69.3, trivy-action tag 0.35.0, and setup-trivy 0.2.6. Furthermore, blocking the command-and-control domain at the network perimeter is crucial to prevent further exploitation.
CSO Online