{"id":371,"date":"2026-03-24T14:08:29","date_gmt":"2026-03-24T14:08:29","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=371"},"modified":"2026-03-24T14:08:29","modified_gmt":"2026-03-24T14:08:29","slug":"teampcp-hacks-checkmarx-github-actions-using-stolen-ci-credentials","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=371","title":{"rendered":"TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials"},"content":{"rendered":"
\n
<\/a><\/div>\n

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack.<\/p>\n

The workflows, both maintained by the supply chain security company Checkmarx, are listed below –<\/p>\n

Cloud security company Sysdig said it observed an identical credential stealer as the one used in TeamPCP’s operations targeting Aqua Security’s Trivy vulnerability scanner and its associated GitHub Actions, about four days after the breach on March 19, 2026. The Try supply chain compromise is being tracked under the CVE identifier CVE-2026-33634<\/a> (CVSS score: 9.4).<\/p>\n

\u00abThis suggests that the stolen credentials from the Trivy compromise were used to poison additional actions in affected repositories,\u00bb Sysdig said<\/a>.<\/p>\n

The stealer, referred to as \u00abTeamPCP Cloud stealer,\u00bb is designed to steal credentials and secrets related to SSH keys, Git, Amazon Web Services (AWS), Google Cloud, Microsoft Azure, Kubernetes, Docker, .env files, databases, and VPNs, along with CI\/CD configurations, data from cryptocurrency wallets, and Slack and Discord webhook URLs.<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

Like in the case of Trivy, the threat actors have been found to force-push tags to malicious commits containing the stealer payload (\u00absetup.sh\u00bb). The stolen data is exfiltrated to the domain \u00abcheckmarx[.]zone\u00bb (IP address: 83.142.209[.]11:443) in the form of an encrypted archive (\u00abtpcp.tar.gz\u00bb).<\/p>\n

<\/p>\n

The new version creates a \u00abdocs-tpcp\u00bb repository using the victim’s GITHUB_TOKEN to stage the stolen data as a backup method if the exfiltration to the server fails. In the Trivy incident, the threat actors used the repository name \u00abtpcp-docs\u00bb instead.<\/p>\n

\u00abThe use of vendor-specific typosquat domains for each poisoned action is a deliberate deception technique,\u00bb Sysdig said. \u00abAn analyst reviewing CI\/CD logs would see curl traffic to what appears to be the action’s own vendor domain, reducing the likelihood of manual detection.\u00bb<\/p>\n

The fact that the stealer’s primary function is to harvest credentials from CI runner memory allows the operators to extract GitHub personal access tokens (PATs) and other secrets from when a compromised Trivy action executes in a workflow. To make matters worse, if those tokens have write access to repositories that also use Checkmarx actions, the attacker can weaponize them to push malicious code.<\/p>\n

\"\"<\/a><\/div>\n

This, in turn, opens the door to a cascading supply chain compromise, where one poisoned action captures secrets that are used to facilitate the poisoning of other actions.<\/p>\n

\u00abThe identical payload, encryption scheme, and tpcp.tar.gz naming convention confirm this is the same threat actor expanding their reach beyond the initial Trivy compromise,\u00bb Sysdig noted. \u00abCode review and dependency scanning failed here because the malicious code was injected into a trusted action at the source.\u00bb<\/p>\n

According to Wiz, the attack appears to have been carried out via the compromise of the \u00abcx-plugins-releases\u00bb service account, with the attackers also publishing trojanized versions<\/a> of the \u00abast-results<\/a>\u00bb (version 2.53.0) and \u00abcx-dev-assist<\/a>\u00bb (version 1.7.0) Open VSX extensions. The VS Code Marketplace versions are not affected.<\/p>\n

Once the extension is activated, the malicious payload checks whether the victim has credentials for at least one cloud service provider, such as GitHub, AWS, Google Cloud, and Microsoft Azure. If any credentials are detected, it proceeds to fetch a next-stage payload from the same domain (\u00abcheckmarx[.]zone\u00bb).<\/p>\n

\u00abThe payload attempts execution via npx, bunx, pnpx, or yarn dlx. This covers major JavaScript package managers,\u00bb Wiz researchers Rami McCarthy, James Haughom, and Benjamin Read said<\/a>. \u00abThe retrieved package contains a comprehensive credential stealer. Harvested credentials are then encrypted, using the keys as elsewhere in this campaign, and exfiltrated to ‘checkmarx[.]zone\/vsx’ as tpcp.tar.gz.\u00bb<\/p>\n

\u00abOn non-CI systems, the malware installs persistence via a systemd user service. The persistence script polls https:\/\/checkmarx[.]zone\/raw every 50 minutes for additional payloads, with a kill switch that aborts if the response contains \u00abyoutube\u00bb. Currently, the link redirects to The Show Must Go On by Queen.\u00bb<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

To mitigate the threat, users are advised to perform the following actions with immediate effect –<\/p>\n

    \n
  • Rotate all secrets, tokens, and cloud credentials that were accessible to CI runners during the affected window.<\/li>\n
  • Audit GitHub Actions workflow runs for any references to tpcp.tar.gz, scan.aquasecurity[.]org, or checkmarx[.]zone in runner logs.<\/li>\n
  • Search GitHub organization for repositories named \u00abtpcp-docs\u00bb or \u00abdocs-tpcp,\u00bb which indicate successful exfiltration via the fallback mechanism.<\/li>\n
  • Pin GitHub Actions to full commit SHAs rather than version tags, as tags can be force-pushed.<\/li>\n
  • Monitor outbound network connections from CI runners to suspicious domains.<\/li>\n
  • Restrict the Instance Metadata Service (IMDS) from CI runner containers using IMDSv2.<\/li>\n<\/ul>\n

    In the days following the initial breach, TeamPCP actors have pushed malicious Docker images of Trivy containing the same stealer and hijacked the company’s \u00abaquasec-com\u00bb GitHub organization to tamper with dozens of internal repositories.<\/p>\n

    They have also been observed targeting Kubernetes clusters with a malicious shell script that wipes all machines when it detects systems matching the Iranian time zone and locale, highlighting a newfound escalation of the group’s modus operandi.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy…<\/p>\n","protected":false},"author":1,"featured_media":372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[802,857,446,71,856,445,855],"class_list":["post-371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-actions","tag-checkmarx","tag-credentials","tag-github","tag-hacks","tag-stolen","tag-teampcp"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=371"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/371\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/372"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}