How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks

<h2 id="what-you-need">What You Need</h2> <ul> <li>Access to your Docker Hub account or CI/CD logs</li> <li>List of all Docker images pulled from <code>aquasec/trivy</code> or <code>checkmarx/kics</code> repositories</li> <li>A tool to compute SHA256 digests (e.g., <code>docker image inspect</code>, <code>sha256sum</code>)</li> <li>Credential management system (e.g., vault, secret store) for rotating keys</li> <li>CI/CD pipeline configuration files (e.g., Jenkinsfile, GitLab CI YAML, GitHub Actions YAML)</li> </ul> <h2 id="step-by-step-remediation">Step-by‑Step Remediation Guide</h2> <ol> <li id="step1">Identify compromised tags and digests Cross‑reference your pull history against the known malicious digests from both incidents. For the KICS incident (April 22, 2026), the affected tags and digests are:<figure style="margin:20px 0"><img src="https://www.docker.com/app/uploads/2025/03/image.png" alt="How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: www.docker.com</figcaption></figure> <ul> <li>Alpine, v2.1.20, v2.1.21: Index digest <code>sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d</code></li> <li>Debian, v2.1.20-debian, v2.1.21-debian: Index digest <code>sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b</code></li> <li>Latest: Index digest <code>sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0</code></li> </ul> For the Trivy incident (earlier in 2026), consult Docker’s security advisory for its specific digests. Use <code>docker image ls --digests</code> to list all images and their digests locally. </li> <li id="step2">Check CI/CD logs and pull‑through caches Examine your CI pipeline history for any job that pulled <code>aquasec/trivy</code> or <code>checkmarx/kics</code> by tag (e.g., <code>latest</code>, <code>v2.1.20</code>) during the exposure window (April 22, 2026 12:35 UTC onward for KICS; refer to Trivy advisory for its window). Also inspect any pull‑through registry (e.g., ECR, GCR, Artifactory) that mirrors Docker Hub. </li> <li id="step3">Rotate credentials that were in scope If your CI ran the compromised images against repositories that contained secrets, cloud credentials, or internal configuration files, rotate all those credentials immediately. The malicious KICS binary exfiltrated scan output (which often includes API keys, cloud resource names, and network topology) to <code>audit.checkmarx[.]cx</code> with user‑agent <code>KICS‑Telemetry/2.0</code>. Assume any secret present during the scan is compromised. </li> <li id="step4">Purge malicious images from all systems Remove the malicious digests from: <ul> <li>Local Docker caches: <code>docker rmi <digest></code></li> <li>CI runner caches (e.g., Docker layer cache, machine images)</li> <li>Pull‑through registries – delete the cached layers or force re‑pull by digest</li> </ul> Do not rely on tag‑based removal; tags can be reassigned by the attacker again. </li> <li id="step5">Re‑pull images by digest and pin your CI Instead of pulling by tag, use the immutable digest in your CI configuration. For example, replace <code>checkmarx/kics:latest</code> with <code>checkmarx/kics@sha256:<known‑good‑digest></code>. Obtain the correct digest from the official repository after the incident is resolved. This ensures that even if the publisher credentials are stolen again, a different digest will not silently overwrite your pipeline.<figure style="margin:20px 0"><img src="https://www.docker.com/app/uploads/2025/03/image-1024x1024.png" alt="How to Detect and Remediate Malicious Container Images from the KICS and Trivy Supply Chain Attacks" style="width:100%;height:auto;border-radius:8px" loading="lazy"><figcaption style="font-size:12px;color:#666;margin-top:5px">Source: www.docker.com</figcaption></figure> </li> <li id="step6">Audit network logs for exfiltration Check your network monitoring tools (e.g., proxy logs, firewall logs, EDR) for connections to <code>audit.checkmarx[.]cx</code> or similar domains using the user‑agent <code>KICS‑Telemetry/2.0</code>. If found, isolate affected systems and perform a deeper forensic analysis. </li> <li id="step7">Update your incident response playbook Add this pattern – stolen publisher credentials used to push malicious images through legitimate pipelines – to your playbook. Include steps to: <ul> <li>Monitor for unexpected tag pushes from official repositories</li> <li>Enable Docker Hub notifications or webhooks for repository changes</li> <li>Use image signing (e.g., <a href="https://docs.docker.com/engine/security/trust/" target="_blank" rel="noreferrer noopener">Docker Content Trust</a>) to verify publisher identity</li> </ul> </li> </ol> <h2 id="tips-and-final-notes">Tips and Final Notes</h2> <ul> <li>Assume breach if unsure: If you cannot definitively prove you never ran a compromised digest, rotate all secrets that the scanner could have accessed.</li> <li>Use digests everywhere: Replace all tag‑based image references in your Dockerfiles, Docker Compose files, and CI YAML with digest references. Tags are mutable; digests are not.</li> <li>Enable multi‑factor authentication (MFA) on your Docker Hub publisher accounts and consider using fine‑grained access tokens instead of passwords.</li> <li>Collaborate openly: As shown by the Trivy and KICS incidents, fast public disclosure helps the community respond quickly. If you find a similar compromise, report it to Docker and the affected vendor, and share indicators of compromise (IOCs) widely.</li> <li>Review supply chain security practices: The pattern of stolen credentials on Docker Hub underscores the need for hardened CI/CD pipelines, secret scanning, and runtime integrity monitoring.</li> </ul> By following these steps, you can minimize the risk from these supply chain attacks and strengthen your defenses against future incidents.

Tags: