TeamPCP, the threat actor behind the recent Trivy supply chain attack, has expanded its campaign by compromising two additional GitHub Actions workflows maintained by Checkmarx. The affected repositories – checkmarx/ast-github-action and checkmarx/kics-github-action – were found to contain credential-stealing malware, signaling a broader escalation in software supply chain attacks targeting cloud-native environments.
Security researchers from Sysdig identified that the same “TeamPCP Cloud stealer” used in the earlier Trivy breach was deployed in this latest incident. The original attack, tracked as CVE-2026-33634 with a critical CVSS score of 9.4, appears to have enabled attackers to reuse stolen credentials to compromise additional repositories. This highlights a dangerous pattern where a single breach can cascade across multiple platforms and organizations.
The malware is engineered to extract sensitive credentials from CI/CD environments, including SSH keys, Git tokens, AWS, Google Cloud, Microsoft Azure, Kubernetes, Docker configurations, and even cryptocurrency wallet data. It also targets .env files, databases, VPN credentials, and communication tools such as Slack and Discord, making it a comprehensive threat to modern development pipelines.
Attackers used a force-push technique to inject malicious code into trusted GitHub Actions, embedding a payload named setup.sh. Once executed, the malware collects sensitive data and exfiltrates it to a malicious domain disguised as a vendor-related address. To avoid detection, the attackers employed typosquatting tactics, making the domain appear legitimate in CI/CD logs and reducing the likelihood of manual discovery.
In addition to direct data exfiltration, the malware includes a fallback mechanism that creates repositories such as docs-tpcp within compromised GitHub accounts. These repositories act as backup storage for stolen data if primary exfiltration channels fail. This redundancy demonstrates the sophistication and persistence of the attack.
Further analysis by Wiz revealed that the breach may have originated from a compromised service account, cx-plugins-releases. The attackers also distributed trojanized versions of development tools via Open VSX, specifically targeting extensions like ast-results and cx-dev-assist. Once installed, these extensions deploy secondary payloads capable of executing across multiple JavaScript package managers, further expanding the attack surface.
The campaign goes beyond CI environments. On non-CI systems, the malware establishes persistence using system-level services that periodically check for new payloads. In some cases, the attackers have also deployed malicious Docker images and targeted Kubernetes clusters, even introducing destructive scripts that can wipe systems under specific regional conditions.
To mitigate the threat, organizations are urged to immediately rotate all credentials exposed to CI runners, audit workflow logs for suspicious activity, and monitor for unauthorized repositories linked to data exfiltration. Security experts also recommend pinning GitHub Actions to specific commit hashes instead of version tags, as tags can be manipulated by attackers.
While Checkmarx has stated that there is no confirmed impact on customer data or production environments, the incident underscores the growing risks associated with software supply chain dependencies. As cyber threats evolve, organizations must adopt stricter security controls, continuous monitoring, and zero-trust principles to protect their development ecosystems from increasingly sophisticated adversaries.
Recommended Cyber News :
- FancyBear Server Breach Exposes Credentials, Impacts 2FA & NATO
- SquareX Uncovers BitM Attack Using Safari Fullscreen API to Steal Credentials
- OpenClaw AI Agent Security Flaw Risks Data Exfiltration
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
