"Analysis of the poisoned image indicates that the bundled KICS binary was modified to include data collection and exfiltration capabilities not present in the legitimate version," Socket said.
Socket's analysis and the nature of the compromise
Software supply chain security company Socket published an alert today describing malicious images pushed to the official checkmarx/kics Docker Hub repository. Socket reported that the altered KICS binary could generate an uncensored scan report, encrypt it, and send it to an external endpoint — capabilities that were not present in the legitimate KICS release and which create a significant data-exfiltration risk for users.
Compromised Docker Hub tags and repository status
According to Socket, unknown threat actors overwrote existing Docker tags, including v2.1.20 and alpine, and introduced a new v2.1.21 tag that does not correspond to any official release. Socket said the Docker repository has been archived as of writing. The combination of overwritten official tags and an undocumented tag increases the chance downstream users pulled poisoned images by mistake or through automated tooling.
Malicious Microsoft Visual Studio Code extensions and Bun-based addon
Socket's follow-up analysis identified related Checkmarx developer tooling that may have been affected. Recent Microsoft Visual Studio Code extension releases contained malicious code designed to download and run a remote addon through the Bun runtime. Socket reported that the behavior appeared in extension versions 1.17.0 and 1.19.0, was removed in 1.18.0, and relied on a hardcoded GitHub URL to fetch and run additional JavaScript without user confirmation or integrity verification.
Practical risk: credentials and configuration exposed to scans
Socket warned that organizations which used the affected KICS image to scan Terraform, CloudFormation, or Kubernetes configurations should treat any secrets or credentials exposed to those scans as likely compromised. The altered KICS behavior — producing uncensored reports and transmitting them externally — directly targets the output of infrastructure-as-code scans, which often contain credentials or sensitive configuration data.
What this means for security teams, procurement leaders, and end users
- Security teams: Investigate any use of the checkmarx/kics images with tags v2.1.20, alpine, or v2.1.21 and assume that secrets exposed during those scans may be compromised. Review recent deployments and automated pipelines that pull those tags and consider rotation of any credentials that were scanned.
- Procurement and vendor-risk teams: Treat Socket's statement that "the evidence suggests this is not an isolated Docker Hub incident, but part of a broader supply chain compromise affecting multiple Checkmarx distribution channels" as a prompt to audit the provenance of developer tooling and distribution channels from Checkmarx and related vendors.
- End users and developer-tooling owners: Audit installed Visual Studio Code extensions for versions 1.17.0 and 1.19.0 of the affected Checkmarx extensions and examine whether any execution of remote code via the Bun runtime occurred, given the extensions' use of a hardcoded GitHub URL to fetch additional JavaScript without user confirmation or integrity checks.
Socket's alert frames the incident as more than a single Docker Hub tampering: the company emphasizes a possible supply chain compromise spanning multiple Checkmarx distribution channels. The practical effect, in Socket's view, is elevated risk for teams that run automated infrastructure-as-code scans or that installed the implicated VS Code extension versions.
The Hacker News has contacted Checkmarx for further information, and will update the report if we hear back. For now, the concrete artifacts called out by Socket — the overwritten tags v2.1.20 and alpine, the spurious v2.1.21 tag, and the Visual Studio Code extension behavior in versions 1.17.0, 1.18.0, and 1.19.0 — offer specific, actionable starting points for organizations to inspect pipelines, rotate credentials, and quarantine suspect tooling.
