[TIMESTAMP: 2026-03-21 20:08 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: HIGH]

Trivy Supply Chain Attack: TeamPCP Pushes Infostealer via GitHub

AI-Assisted Analysis
// executive briefing tl;dr
  • [01] Immediate impact: Credential-stealing malware was distributed to users of the Trivy vulnerability scanner via compromised GitHub Actions workflows.
  • [02] Affected systems: Developers and automated CI/CD pipelines using Trivy-action versions released during the compromise window are at risk.
  • [03] Remediation: Audit GitHub Action logs for unauthorized changes and rotate all secrets exposed in the affected environments immediately.

A sophisticated supply chain attack recently targeted the Trivy-action GitHub repository, a popular tool used for container and infrastructure-as-code scanning. According to Bleeping Computer, threat actors identified as TeamPCP compromised the repository's release pipeline, which allowed them to inject malicious code into official releases. The incident highlights the growing risks of automated development workflows and the trust placed in third-party integrations.

Strategies to Detect Trivy Supply Chain Attack Campaigns

The attack specifically targeted the GitHub Actions environment, where the threat actors used their access to modify the workflow files. As a result, every time a user called the official Trivy-action in their pipeline, a malicious script was executed alongside the legitimate scanner. The primary goal of the campaign was to deploy an infostealer designed to exfiltrate sensitive data, including environment variables, API keys, and cloud provider credentials. Security teams must implement logging to detect indicators of this attack, such as unusual outbound network traffic from build runners to unverified C2 servers.

TeamPCP Infostealer Malware Analysis

Technical analysis of the TeamPCP infostealer shows a focus on credential harvesting. The malicious script was designed to scan the runner's environment for secrets and then ship them to an attacker-controlled endpoint. This type of IoC is often difficult to spot because build environments frequently communicate with external repositories and update servers. However, the malicious script accessed the .git directory and environment files, which a standard vulnerability scan should not typically need for its core functions. This data exfiltration poses a severe risk to organization-wide security, as stolen credentials can facilitate lateral movement within cloud environments.

Impact on DevOps Environments

The compromise of a tool as ubiquitous as Trivy is particularly damaging because it is often integrated into the very heart of the SOC and development security process. If the security tool itself is the vector for infection, traditional defenses may be bypassed. Organizations relying on EDR solutions on their developer machines may see alerts, but headless CI/CD runners often lack the same level of monitoring. Defenders should integrate their runner logs into a SIEM to identify discrepancies in execution patterns.

GitHub Actions Security Best Practices

To prevent similar incidents, organizations should adopt GitHub Actions security best practices immediately. This includes pinning actions to a specific full-length commit SHA rather than a version tag, as tags can be moved by an attacker who has gained write access to a repository. Additionally, the use of OpenID Connect (OIDC) for cloud authentication can reduce the need for long-lived secrets in the environment. Following this breach, all users of the Trivy-action are advised to audit their GitHub logs for unauthorized workflow modifications and rotate any secrets that were available to the CI/CD pipeline during the period of compromise.
