Saharaj

How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks

Step-by-step guide to check for compromised Docker images from recent supply chain attacks on Trivy and KICS, and how to secure your pipeline.

Saharaj · 2026-05-03 13:32:18 · Cybersecurity

What You Need

  • Access to your Docker Hub account or CI/CD logs
  • List of all Docker images pulled from aquasec/trivy or checkmarx/kics repositories
  • A tool to compute SHA256 digests (e.g., docker image inspect, sha256sum)
  • Credential management system (e.g., vault, secret store) for rotating keys
  • CI/CD pipeline configuration files (e.g., Jenkinsfile, GitLab CI YAML, GitHub Actions YAML)

Step-by‑Step Remediation Guide

  1. Identify compromised tags and digests

    Cross‑reference your pull history against the known malicious digests from both incidents. For the KICS incident (April 22, 2026), the affected tags and digests are:

    How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks
    Source: www.docker.com
    • Alpine, v2.1.20, v2.1.21: Index digest sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d
    • Debian, v2.1.20-debian, v2.1.21-debian: Index digest sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b
    • Latest: Index digest sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0

    For the Trivy incident (earlier in 2026), consult Docker’s security advisory for its specific digests. Use docker image ls --digests to list all images and their digests locally.

  2. Check CI/CD logs and pull‑through caches

    Examine your CI pipeline history for any job that pulled aquasec/trivy or checkmarx/kics by tag (e.g., latest, v2.1.20) during the exposure window (April 22, 2026 12:35 UTC onward for KICS; refer to Trivy advisory for its window). Also inspect any pull‑through registry (e.g., ECR, GCR, Artifactory) that mirrors Docker Hub.

  3. Rotate credentials that were in scope

    If your CI ran the compromised images against repositories that contained secrets, cloud credentials, or internal configuration files, rotate all those credentials immediately. The malicious KICS binary exfiltrated scan output (which often includes API keys, cloud resource names, and network topology) to audit.checkmarx[.]cx with user‑agent KICS‑Telemetry/2.0. Assume any secret present during the scan is compromised.

  4. Purge malicious images from all systems

    Remove the malicious digests from:

    • Local Docker caches: docker rmi <digest>
    • CI runner caches (e.g., Docker layer cache, machine images)
    • Pull‑through registries – delete the cached layers or force re‑pull by digest

    Do not rely on tag‑based removal; tags can be reassigned by the attacker again.

  5. Re‑pull images by digest and pin your CI

    Instead of pulling by tag, use the immutable digest in your CI configuration. For example, replace checkmarx/kics:latest with checkmarx/kics@sha256:<known‑good‑digest>. Obtain the correct digest from the official repository after the incident is resolved. This ensures that even if the publisher credentials are stolen again, a different digest will not silently overwrite your pipeline.

    How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks
    Source: www.docker.com
  6. Audit network logs for exfiltration

    Check your network monitoring tools (e.g., proxy logs, firewall logs, EDR) for connections to audit.checkmarx[.]cx or similar domains using the user‑agent KICS‑Telemetry/2.0. If found, isolate affected systems and perform a deeper forensic analysis.

  7. Update your incident response playbook

    Add this pattern – stolen publisher credentials used to push malicious images through legitimate pipelines – to your playbook. Include steps to:

    • Monitor for unexpected tag pushes from official repositories
    • Enable Docker Hub notifications or webhooks for repository changes
    • Use image signing (e.g., Docker Content Trust) to verify publisher identity

Tips and Final Notes

  • Assume breach if unsure: If you cannot definitively prove you never ran a compromised digest, rotate all secrets that the scanner could have accessed.
  • Use digests everywhere: Replace all tag‑based image references in your Dockerfiles, Docker Compose files, and CI YAML with digest references. Tags are mutable; digests are not.
  • Enable multi‑factor authentication (MFA) on your Docker Hub publisher accounts and consider using fine‑grained access tokens instead of passwords.
  • Collaborate openly: As shown by the Trivy and KICS incidents, fast public disclosure helps the community respond quickly. If you find a similar compromise, report it to Docker and the affected vendor, and share indicators of compromise (IOCs) widely.
  • Review supply chain security practices: The pattern of stolen credentials on Docker Hub underscores the need for hardened CI/CD pipelines, secret scanning, and runtime integrity monitoring.

By following these steps, you can minimize the risk from these supply chain attacks and strengthen your defenses against future incidents.

Recommended

Discover More

Mastering the iOS 26 Phone App: How Two Powerful Features Simplify CallingHow Scientists Identified a Subduction Zone Tearing Apart beneath the Pacific Northwest7 Critical Facts About PFAS in Infant Formula You Must KnowWhat You Need to Know About After Mythos: New Playbooks For a Zero-Window EraThe Ultimate Guide to Unlocking Free Rewards in Far Far West