ONE Sentinel

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Source: The Hacker News
Date: March 23, 2026

EXECUTIVE SUMMARY

Trivy Hack: Infostealer and Worm Spread via Docker Hub

Summary

Cybersecurity researchers have identified a malicious campaign leveraging Docker Hub to distribute infostealer malware through the Trivy supply chain. This attack has led to the spread of a worm and a Kubernetes wiper, affecting developer environments.

Key Points

  • The attack was discovered following the Trivy supply chain compromise.
  • Malicious artifacts were distributed via Docker Hub.
  • The last known clean release of Trivy on Docker Hub is version 0.69.3.
  • Malicious versions 0.69.4, 0.69.5, and 0.69.6 were identified and removed.
  • The attack has resulted in the spread of an infostealer, a worm, and a Kubernetes wiper.

Analysis

This incident underscores the risk that supply chain attacks pose, particularly within containerized environments. The use of Docker Hub as a distribution vector for malicious artifacts highlights the need for stringent security measures and vigilance in monitoring software dependencies and updates.

Conclusion

IT professionals should verify the integrity of container images and ensure they are using the last known clean version of Trivy, 0.69.3. Regular audits and monitoring of container environments are recommended to mitigate the risks associated with supply chain attacks.
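
One way to act on the version guidance above, as an added example that is not part of the original article: a Python audit that finds Trivy image references in manifests or CI configuration text and classifies each by the versions listed on this page. The repository name `aquasec/trivy`, the status labels, and the sample lines are assumptions made for the example.

```python
import re

# From the page: 0.69.3 is the last known clean release on Docker Hub;
# 0.69.4, 0.69.5 and 0.69.6 were identified as malicious and removed.
LAST_CLEAN = "0.69.3"
MALICIOUS = {"0.69.4", "0.69.5", "0.69.6"}
REPO = "aquasec/trivy"  # assumption: repository name is not given on the page

# Optional registry host (with port), the repository, then optional tag/digest.
REF = re.compile(
    r"(?<![\w.-])(?:[\w.-]+(?::\d+)?/)?" + re.escape(REPO) + r"(?![\w./-])"
    r"(?::(?P<tag>\w[\w.-]*))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)

def classify(tag):
    """Map a tag to 'malicious', 'clean' or 'review' (anything not decidable)."""
    version = (tag or "").removeprefix("v")
    if version in MALICIOUS:
        return "malicious"
    if version == LAST_CLEAN:
        return "clean"
    # No tag, a floating tag such as 'latest', a bare digest or another
    # version: the text alone does not say which release was pulled.
    return "review"

def audit(text):
    """Return (line number, image reference, status) for every Trivy reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in REF.finditer(line):
            findings.append((lineno, m.group(0), classify(m.group("tag"))))
    return findings

# Constructed sample: lines as they might appear in manifests and CI configs.
SAMPLE = """\
image: aquasec/trivy:0.69.3
image: docker.io/aquasec/trivy:0.69.5
FROM aquasec/trivy:latest AS scanner
uses: docker://aquasec/trivy:0.69.4
image: aquasec/trivy-helper:0.69.6
run: docker pull registry.example.com/aquasec/trivy:0.69.6
run: docker pull aquasec/trivy
"""

if __name__ == "__main__":
    for lineno, ref, status in audit(SAMPLE):
        print(f"line {lineno}: {ref} -> {status}")
```

References marked `review` need the image actually pulled to be identified before they can be cleared, since a floating tag or missing tag does not record which release was used.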