Aqua Security's Trivy Scanner Compromised in Supply Chain Attack

[2026-03-30] Author: Ing. Calogero Bono

A serious security incident has struck the software development world. Cybercriminals have managed to compromise nearly all versions of Trivy, the widely used vulnerability scanner developed by Aqua Security. This supply chain attack, as confirmed by Itay Shakury, one of the project's maintainers, could have significant repercussions for developers and organizations globally.

Attack Details and Methodology

The attack began in the early hours of Thursday, when a malicious actor identifying itself as Team PCP used stolen credentials to force-push almost all tags related to Trivy actions (trivy-action) and Trivy setups. A force-push is a Git operation that overrides the default protection against rewriting history, allowing existing commits, and the references that point to them, to be overwritten. This enabled the attackers to make the tags point to malicious dependencies, bypassing normal security procedures.

Trivy is a fundamental tool for developers, used to identify vulnerabilities and hardcoded secrets in software development and deployment processes. Its popularity is evidenced by over 33,200 stars on GitHub, an indicator of its widespread adoption. Version @0.35.0 appears to be the only one unaffected by the attack.

Implications and Risks for Users

Security companies Socket and Wiz revealed that the malware, activated across 75 compromised trivy-action tags, is capable of deeply scanning development pipelines and developer machines for GitHub tokens, cloud credentials, SSH keys, Kubernetes tokens, and any other secrets. Once identified, this data is encrypted and sent to a server controlled by the attacker. The result is that any CI/CD pipeline using a compromised version of the scanner executes malicious code as soon as the scan is initiated. Among the compromised tags are also widely used versions like @0.34.2, @0.33, and @0.18.0.

As recommended by Shakury, anyone who suspects they have used a compromised version should consider all pipeline secrets as compromised and proceed immediately to rotate them. The malware, once executed, launches both the legitimate Trivy service and the malicious code in parallel. Its actions include exfiltrating environment variables, searching for credentials in the filesystem, and collecting network information. The collected data is compressed, encrypted, and sent to a command and control server. If this fails, the malware attempts to use a stolen GitHub token to create a repository and send the data there.

A New Tactic for Greater Stealth

The technique used in this attack departs from traditional supply chain attacks. Instead of poisoning a repository with a new commit, the attackers used their access to Trivy's credentials to force-push existing tags. Because this method does not appear in the standard commit history, the attack evaded many common defenses. The malicious actor, Team PCP, created counterfeit commits that spoofed users and repointed existing tags at those malicious commits. This led to the publication of compromised binaries on several platforms, including GitHub Releases, Docker Hub, GHCR, and ECR, which were subsequently removed by the maintainers.
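Because the attack moved existing tags rather than adding commits, the first defensive check is to find where workflows reference trivy-action by a movable tag or branch instead of a full commit SHA. The following is an added example, not code from the article, Aqua Security, Socket or Wiz; the sample workflow and its SHA are constructed, the verdict labels are hypothetical names, and only the tags the article names are listed.

```python
import re

# Matches `uses: owner/repo[/path]@ref` in a GitHub Actions workflow step.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.\-/]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Tags named in the article (it reports 75 compromised tags; only these are listed).
NAMED_COMPROMISED = {"0.34.2", "0.33", "0.18.0"}
REPORTED_UNAFFECTED = {"0.35.0"}

def classify_ref(ref):
    """Classify a ref; the verdict labels are hypothetical names for this example."""
    if FULL_SHA_RE.match(ref):
        # Immutable, but the SHA must still be checked against a known-good commit.
        return "sha-pinned"
    if ref in NAMED_COMPROMISED:
        return "named-compromised"
    if ref in REPORTED_UNAFFECTED:
        return "reported-unaffected-mutable"
    # Any other tag or branch can be repointed by a force-push.
    return "mutable-ref"

def audit_workflow(text, repo_name="trivy-action"):
    """Return (line number, action, ref, verdict) for each step that uses repo_name."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        parts = action.split("/")
        if len(parts) >= 2 and parts[1] == repo_name:
            findings.append((lineno, action, ref, classify_ref(ref)))
    return findings

# Constructed sample workflow; the 40-character SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.33
      - uses: aquasecurity/trivy-action@0.35.0
      - uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # placeholder
"""
```

Any pipeline with a `named-compromised` or `mutable-ref` finding that ran during the incident window falls under the maintainers' advice to treat its secrets as compromised and rotate them.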

This incident highlights the growing sophistication of supply chain attacks and the need for constant vigilance. The compromise of a widely used tool like Trivy underscores the importance of rigorous security practices, such as frequent credential rotation and the use of reliable dependency scanning tools. It is crucial that developers stay updated on the latest threats and adopt the preventive measures recommended by security companies to protect their development environments.

The initial vulnerability seems to stem from a prior compromise of the Aqua Trivy VS Code extension. Although the maintainers had rotated tokens and secrets, the process was not fully atomic, leaving remnants that allowed the malicious actor to perform authenticated operations. This case reminds us of the importance of meticulous credential and permission management, especially in open-source projects with a large user base.

For more details on recommended defense measures, please refer to the detailed analyses published by Socket and Wiz. The security of development pipelines is a fundamental pillar for ensuring the integrity of distributed software, and incidents like this serve as a warning to continuously strengthen defenses.

Our Take

This attack on Trivy is a wake-up call that resonates loudly in the cybersecurity landscape. The attackers' ability to exploit not only vulnerabilities in code but also flaws in credential management processes and update procedures demonstrates a concerning evolution of malicious tactics. The strength of open-source tools like Trivy lies in their widespread adoption and community collaboration, but this same openness can become an attack vector if not managed with the utmost care. The main lesson to be learned is that trust in software components, even the most established ones, must never replace rigorous verification and a proactive approach to security. Secret management and CI/CD pipeline security must be considered absolute priorities, not secondary options. The transparency of the malicious actors in self-identifying as Team PCP, although bold, might be an attempt to increase their notoriety, but it must not distract from the urgency of mitigating the concrete risks for organizations.
