Contacts

Bulgaria, Kavarna
Saudi Arabia, Riyadh

+359 875 328030

sales@diamatix.com

Supply Chain Attack on Trivy Expands Into Docker, npm and Kubernetes Destruction Campaign

A supply chain compromise affecting the widely used Trivy vulnerability scanner has escalated beyond initial credential theft into a broader, multi-stage attack impacting cloud-native environments.

Malicious container images were briefly distributed via Docker Hub, followed by downstream compromises across CI/CD pipelines, npm ecosystems, and Kubernetes environments.

The incident highlights how a single compromised component in a development workflow can propagate across multiple layers of modern infrastructure.

What Happened

Several unauthorized Trivy container image versions were published without corresponding official releases.

The affected versions were:

  • 0.69.4
  • 0.69.5
  • 0.69.6

These images contained embedded malicious code linked to an infostealer previously associated with a threat actor tracked as TeamPCP.

The last verified clean version remains 0.69.3.

Attack Chain

The incident did not stop at compromised images.

Observed activity shows a multi-stage expansion:

1. Credential Theft

Malicious Trivy artifacts collected sensitive data from developer environments and CI/CD pipelines.

2. Supply Chain Propagation

Stolen credentials were used to compromise additional assets, including:

  • GitHub repositories
  • GitHub Actions workflows
  • npm packages

3. Worm Deployment

Self-propagating malware, referred to as CanisterWorm, was distributed through the compromised packages.

4. Infrastructure Targeting

The attack extended into cloud infrastructure:

  • exposed Docker APIs
  • Kubernetes clusters
  • Redis services

5. Destructive Payloads

In some observed cases, the attack deployed wiper functionality capable of:

  • deleting workloads
  • forcing node reboots
  • disrupting entire Kubernetes environments

Why This Matters

This incident illustrates a critical shift.

Security tools themselves are becoming attack vectors.

The compromise of a widely trusted open-source scanner created a cascading impact across:

  • developer workstations
  • CI/CD pipelines
  • container environments
  • production infrastructure

The speed of propagation and cross-environment impact significantly increases operational risk.

Required Actions

Organizations using Trivy or similar tools should:

  • avoid affected versions and verify image integrity
  • review CI/CD pipelines for recent executions
  • rotate credentials exposed to automation systems
  • audit GitHub tokens, service accounts, and access scopes
  • monitor for unusual activity in container and Kubernetes environments

Any recent use of affected versions should be treated as potentially compromised.
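One way to act on the first two items above (avoiding affected versions and reviewing pipelines), as an added example that is not code from the original article or from the Trivy project: a Python scanner that walks Dockerfile, compose and workflow text for Trivy image references and classifies each tag against the versions named in this advisory. The image names (aquasec/trivy, ghcr.io/aquasecurity/trivy) and the sample lines are constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# Unauthorized versions from the advisory as (major, minor, patch); 0.69.3 is the last verified clean release.
AFFECTED_VERSIONS = {(0, 69, 4), (0, 69, 5), (0, 69, 6)}
LAST_CLEAN_VERSION = (0, 69, 3)

# Image reference whose repository ends in "trivy", with optional tag and/or digest. The GitHub
# action "trivy-action" has its own version numbers, so the trailing lookahead leaves it unmatched.
IMAGE_REF = re.compile(
    r"(?<![\w.\-])(?P<repo>(?:[\w.\-]+/)*trivy)(?![\w\-])"
    r"(?::(?P<tag>[\w.\-]+))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)
SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def classify_tag(tag: Optional[str], digest: Optional[str]) -> str:
    """Verdict for one image reference, based only on the versions the advisory lists."""
    if tag is None:
        if digest:
            return "digest-pinned: compare the digest against the official release"
        return "floating: no tag, resolves to latest at pull time"
    m = SEMVER.match(tag)
    if not m:
        return "floating: tag is not an exact x.y.z version, build cannot be verified"
    version = tuple(int(part) for part in m.groups())
    if version in AFFECTED_VERSIONS:
        return "AFFECTED: unauthorized version, treat any use as compromised"
    if version <= LAST_CLEAN_VERSION:
        return "not affected: at or before the last verified clean version"
    return "unlisted: newer than the advisory window, check the vendor advisory"


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Scan Dockerfile, compose or workflow text; return (line_no, reference, verdict) per hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in IMAGE_REF.finditer(line):
            findings.append((line_no, m.group(0), classify_tag(m.group("tag"), m.group("digest"))))
    return findings


# Constructed sample input (assumed image names, not taken from the advisory).
SAMPLE = "\n".join([
    "FROM aquasec/trivy:0.69.5",
    "      image: ghcr.io/aquasecurity/trivy:0.69.3",
    "      - run: docker run --rm aquasec/trivy:latest image myapp:1.0",
    "FROM aquasec/trivy@sha256:" + "a" * 64,
    "      image: aquasec/trivy:v0.69.6",
    "      - uses: aquasecurity/trivy-action@0.28.0",
])
```

Running `scan(SAMPLE)` flags lines 1 and 5 as affected, line 3 as floating, line 4 as digest-pinned, and skips the action reference on line 6 because it uses a different version scheme.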

DIAMATIX Perspective

This incident reflects a broader reality.

Modern attacks no longer target only production systems.

They target the development pipeline itself.

Three critical observations:

  • trust in open-source tooling is now a primary attack surface
  • CI/CD environments operate with high privileges and low visibility
  • a single compromised token can impact multiple environments

Supply chain security is no longer a niche concern.

It is a core operational risk.

Organizations must extend visibility beyond endpoints and networks to include:

  • build pipelines
  • automation identities
  • container registries
  • infrastructure-as-code workflows

Without this visibility, detection comes too late.

Sources

  • The Hacker News. Trivy Supply Chain Attack Analysis
  • Socket Security Research. Malicious Docker Images Findings
  • OpenSourceMalware. Incident Investigation and Attribution
  • Aqua Security. Official Trivy Security Advisory
  • Aikido Security. Kubernetes Wiper Analysis
  • GitHub Security Advisories and Incident Reports

This article is based on publicly available threat intelligence and incident reports as of March 2026.
