Supply Chain Attack Compromises Trivy Docker Images, Deploys Infostealer, Worm, and Kubernetes Wiper
What Happened — Malicious versions of the popular open-source container-image scanner Trivy (Docker Hub tags 0.69.4 through 0.69.6) were published to Docker Hub. The images carry an infostealer that also propagates as a worm and, when it finds itself running inside a Kubernetes cluster, triggers a destructive wiper. All three tainted tags have since been removed, but they were publicly available for several days, long enough for unpinned automated pulls to pick them up.
Why It Matters for TPRM —
- A trusted open-source security tool became the delivery vehicle for malware, which means the scanner a pipeline relies on to vet third-party software must itself be treated as third-party software and verified before it runs.
- Organizations whose CI/CD pipelines pull images by tag, without pinning a digest or verifying a signature, may have run the malicious Trivy images with the pipeline's own credentials and cluster access, and so introduced the payload into production.
- The Kubernetes wiper demonstrates a direct threat to cloud‑native workloads, potentially causing service outages and data loss.
Who Is Affected — Cloud‑native developers, DevOps teams, SaaS platforms, and any organization that integrates Trivy or other Docker Hub images into their CI/CD pipelines.
Recommended Actions —
- Audit every image pulled from public registries in the last 30 days, including pipeline logs and cluster pod specs, for the affected Trivy tags; replace any match with a build whose tag and digest you have verified, and pin Trivy by digest going forward.
- Enforce image-signature verification at admission (e.g., Docker Content Trust/Notary or Sigstore Cosign) and require provenance attestations for all third-party containers, so an unsigned or unexpectedly re-signed tag is rejected rather than run.
- Review and harden Kubernetes RBAC and network policies to limit the blast radius of a compromised pod: stop automounting default service-account tokens where workloads do not need the API, and deny east-west traffic that scanning jobs have no reason to originate.
- Update incident response playbooks to include supply‑chain compromise scenarios.
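The audit step above is the one most teams need to run today, so here is a small POSIX shell check, added as an example and not code from the advisory, The Hacker News, or the Trivy project. It reads image references one per line and flags any that point at the Trivy tags the advisory names. Assumptions not stated on the page: the images live under the aquasec/trivy Docker Hub repository, the range 0.69.4-0.69.6 means the three contiguous patch tags, and a reference with no registry host defaults to Docker Hub.

```shell
#!/bin/sh
# Added example for the audit step; not code from the advisory or the Trivy
# project. Flags image references that point at the Docker Hub Trivy tags the
# advisory names, so a CI job or an operator can fail fast.
# Assumptions (not stated on the page): the images live under the aquasec/trivy
# repository, "0.69.4-0.69.6" means the three contiguous patch tags, and a
# reference with no registry host defaults to Docker Hub.

TAINTED_TAGS="0.69.4 0.69.5 0.69.6"   # from the advisory; edit if it is updated
TRIVY_REPO="aquasec/trivy"            # assumed Docker Hub repository name

# normalize_ref REF: drop an explicit Docker Hub host so that
# "docker.io/aquasec/trivy:0.69.5" and "aquasec/trivy:0.69.5" compare equal.
normalize_ref() {
  _r=${1#docker.io/}
  _r=${_r#index.docker.io/}
  printf '%s\n' "$_r"
}

# is_tainted_ref REF: succeed (exit 0) if REF is the Trivy repo at a tainted tag.
# A trailing "@sha256:..." digest on a tagged reference is ignored for the tag
# check; a digest-only reference cannot be judged by tag at all (see below).
is_tainted_ref() {
  _ref=$(normalize_ref "$1")
  case "$_ref" in
    "$TRIVY_REPO":*) ;;
    *) return 1 ;;
  esac
  _tag=${_ref#"$TRIVY_REPO":}
  _tag=${_tag%%@*}
  for _t in $TAINTED_TAGS; do
    if [ "$_tag" = "$_t" ]; then return 0; fi
  done
  return 1
}

# flag_tainted_images: reads one image reference per line on stdin and prints
#   TAINTED <ref>  for a known-bad tag
#   REVIEW  <ref>  for Trivy pulled by digest only, by :latest, or with no tag,
#                  which must be checked against the registry manifest by hand
# Returns 1 if anything TAINTED was seen, so `set -e` pipelines stop.
flag_tainted_images() {
  _found=0
  while IFS= read -r _line; do
    if [ -z "$_line" ]; then continue; fi
    if is_tainted_ref "$_line"; then
      echo "TAINTED $_line"
      _found=1
    else
      case "$(normalize_ref "$_line")" in
        "$TRIVY_REPO"@*|"$TRIVY_REPO":latest|"$TRIVY_REPO") echo "REVIEW $_line" ;;
      esac
    fi
  done
  return "$_found"
}

# Real-world feeds (run these yourself; they need cluster or daemon access):
#   kubectl get pods -A -o jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' | flag_tainted_images
#   docker image ls --format '{{.Repository}}:{{.Tag}}' | flag_tainted_images
#
# --demo runs the check on a constructed list instead of a live environment.
if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' \
    'docker.io/aquasec/trivy:0.69.5' \
    'aquasec/trivy@sha256:0000000000000000000000000000000000000000000000000000000000000000' \
    'aquasec/trivy:0.70.0' \
    'nginx:1.25' | flag_tainted_images
  echo "exit status: $?"
fi
```

The REVIEW category matters as much as TAINTED: a digest-only or `:latest` reference is not proof of safety, because the advisory does not publish bad digests and a floating tag may have resolved to a tainted manifest during the exposure window, so those references have to be compared against the registry manifest history by hand.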
Technical Notes — The malicious image layers carried a tampered Trivy binary together with a secondary loader script. Once executed, the loader harvests credentials, spreads laterally by abusing default Kubernetes service-account tokens, and finally runs a destructive script that deletes cluster resources. No CVE applies: this was not a flaw in Trivy's code but a compromise of the workflow that publishes its images to Docker Hub, so upgrading Trivy is not the remediation; pulling a verified image is. Source: The Hacker News