Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Summary
Researchers have found malicious Docker images on Docker Hub that were infected through the Trivy supply chain attack. These compromised images spread an infostealer, triggered a worm, and deployed a wiper for Kubernetes environments, affecting developer tools and infrastructure.
IFF Assessment
Malicious actors are successfully compromising widely used developer tools and distributing malware through trusted channels like Docker Hub, posing a significant threat to infrastructure and data.
Defender Context
This incident highlights the critical need for robust supply chain security, especially for tools used in CI/CD pipelines and containerized environments. Defenders should implement strict image scanning, verify the integrity of downloaded artifacts, and monitor for unusual activity within their Kubernetes clusters and developer workstations.