Ddos 
GitHub file view showing the oversized mcpAddon.js payload
The cybersecurity world is facing a sprawling supply chain compromise as official distribution channels for Checkmarx, a leader in application security, were hijacked to spread credential-stealing malware. On April 22, 2026, researchers from Socket and Docker uncovered a sophisticated operation that poisoned official Docker images and VS Code extensions to turn developer environments into “exfiltration and supply chain propagation paths”.
The attack has been linked to the threat actor TeamPCP, who appeared to taunt the community on social media following the discovery, posting: “Thank you OSS distribution for another very successful day at PCP inc”.
The breach first came to light when Docker’s internal monitoring flagged suspicious activity in the official checkmarx/kics repository. Attackers had overwritten trusted image tags—including v2.1.20, alpine, and latest—with a trojanized version of the KICS binary.
“Analysis of the poisoned image indicates that the bundled KICS binary was modified to include data collection and exfiltration capabilities not present in the legitimate version,” the report writes.
Simultaneously, the attackers compromised Checkmarx’s VS Code extensions. These extensions were modified to silently download a malicious payload called mcpAddon.js from a hardcoded GitHub URL using a backdated, orphaned commit to evade detection. Once downloaded, the malware executed using the Bun runtime, immediately beginning a comprehensive harvest of developer and cloud credentials.
One of the most bizarre and distinctive elements of this campaign is the attacker’s use of public GitHub repositories for exfiltration staging. The malware uses stolen GitHub tokens to create repositories under the victim’s own account with the deceptive description “Checkmarx Configuration Storage”.
Socket researchers noticed a striking pattern in the auto-generated names of these staging repos. The vocabulary is heavily drawn from Frank Herbert’s Dune universe, featuring names like:
- gesserit-melange-813
- prescient-sandworm-556
- atreides-thumper-424
These repositories serve as a “covert data channel,” storing encrypted JSON files containing stolen tokens and credentials.
TeamPCP’s toolkit wasn’t designed just to steal; it was designed to spread. The malware includes two aggressive propagation vectors:
- GitHub Actions Heist: The malware injects a malicious workflow (format-check.yml) into any repository the victim has write access to. This workflow uses a clever trick—${{ toJSON(secrets) }}—to collapse every secret in the repository into a single string, which is then uploaded as a workflow artifact for the attacker to download.
- npm Package Takeover: By reading the victim’s .npmrc file, the worm identifies every npm package the developer has permission to modify. It then attempts to republish those packages with the malicious payload, enabling “rapid lateral spread across the npm ecosystem”.
If your team has pulled Checkmarx artifacts recently, you must treat this as a high-severity credential exposure.
- Audit for “Dune” Repos: Search your GitHub organization for any new public repositories with names like “sandworm” or “gesserit” and the description “Checkmarx Configuration Storage”.
- Rotate Credentials: Immediately rotate GitHub tokens, npm tokens, AWS/Azure/GCP credentials, and SSH keys.
- Inspect Workflows: Review .github/workflows/ for unexpected files like format-check.yml or artifacts named format-results.txt.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
