Checkmarx Attack Weaponizes KICS and Bitwarden CLI
Malicious Docker images and VS Code extensions steal IaC secrets; Bitwarden npm trusted publishing abused in a sophisticated DevSecOps attack chain.
TEL AVIV, IL — In a cascading security failure that strikes at the heart of modern DevSecOps, the prominent security vendor Checkmarx has confirmed a multi-stage supply chain compromise affecting its flagship open-source scanner, KICS, and its official VS Code extensions. The breach, claimed by an actor identified as TeamPCP, further metastasized on April 22 when a compromised Checkmarx GitHub token was used to poison the official Bitwarden CLI npm package.
The incident represents a nightmare scenario for enterprise security teams: the very tools used to scan for vulnerabilities were weaponized to exfiltrate them.
Breach Audit: The KICS-to-Bitwarden Attack Chain
The infection began with the compromise of the checkmarx/kics Docker repository. Attackers injected malicious code into specific tags — primarily v2.1.20, v2.1.21, and the alpine variant. Simultaneously, Checkmarx's VS Code extensions (v1.17.0 and v1.19.0) were updated to download a remote JavaScript file, mcpAddon.js, via the Bun runtime to establish C2 communication.
The attack reached its peak between 5:57 PM and 7:30 PM ET on April 22, when the @bitwarden/cli@2026.4.0 package was published to npm. The attackers bypassed traditional barriers by exploiting npm trusted publishing, using a stolen GitHub token from a Checkmarx automated workflow to push the malicious version to Bitwarden’s official distribution path.
For a full list of C2 domains and malicious file hashes discovered during this audit, see the Indicators of Compromise in our technical breakdown below.
Strategic Defense: Mitigation & Remediation
To secure your environment against the TeamPCP attack chain, organizations must execute the following mandatory steps. Because this breach involves the exfiltration of high-value secrets, simple patching is insufficient; a comprehensive credential reset is required.
1. Critical Software Remediation
- Checkmarx KICS: Purge all cached Docker images. Specifically, avoid and delete tags v2.1.20, v2.1.21, alpine, and latest. Pin your CI/CD pipelines to a known clean version like v2.1.19 until a verified v2.1.22+ release is deployed.
- Bitwarden CLI: If you updated via npm on April 22, 2026, you may have the compromised package. Downgrade from @bitwarden/cli@2026.4.0 immediately. The verified clean version is 2026.4.1.
- VS Code Extensions: Uninstall the Checkmarx extension and perform a clean reinstall. Ensure your current version is not 1.17.0 or 1.19.0. Version 1.18.0 is currently cited as the stable baseline.
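The three checks in the list above can be run mechanically across a fleet of workstations and CI runners. The script below is an added example written for this article, not tooling from Checkmarx, Bitwarden or the incident response; it only reuses the tags and version numbers stated in the remediation guidance. It consumes the text that `docker images --format '{{.Repository}}:{{.Tag}}'`, a package-lock.json and `code --list-extensions --show-versions` produce, and the sample inputs are constructed. Matching VS Code extensions on the publisher segment "checkmarx" (and the extension IDs in the sample) is an assumption, since the article names the vendor but not the extension identifiers.

```python
"""Triage a host for the artifacts named in the remediation list:
compromised KICS image tags, the poisoned @bitwarden/cli release and the
affected Checkmarx VS Code extension versions. Sample inputs below are
constructed for illustration, not real inventory data."""
import json
import re

# Tags and versions as given in the article's remediation guidance.
KICS_BAD_TAGS = {"v2.1.20", "v2.1.21", "alpine", "latest"}
KICS_CLEAN_TAG = "v2.1.19"
BW_BAD_VERSION = "2026.4.0"
BW_CLEAN_VERSION = "2026.4.1"
CX_EXT_BAD_VERSIONS = {"1.17.0", "1.19.0"}
CX_EXT_CLEAN_VERSION = "1.18.0"


def kics_image_is_compromised(image_ref: str) -> bool:
    """True for a KICS image reference that uses one of the listed tags.

    Accepts 'checkmarx/kics:TAG' with an optional registry prefix (for
    example 'docker.io/' or 'localhost:5000/') and an optional '@sha256:...'
    digest suffix. A reference without a tag means ':latest', which is on
    the list as well; mutable tags are exactly what got poisoned."""
    ref = image_ref.strip().split("@", 1)[0]          # drop any digest
    name, _, tag = ref.rpartition(":")
    if not name or "/" in tag:                        # no tag: the ':' was a registry port
        name, tag = ref, "latest"
    name = name.lower()
    if name != "checkmarx/kics" and not name.endswith("/checkmarx/kics"):
        return False
    return tag in KICS_BAD_TAGS


def bitwarden_cli_is_compromised(version: str) -> bool:
    """Exact match on the poisoned release; a leading 'v' is tolerated."""
    return version.strip().lstrip("v") == BW_BAD_VERSION


def compromised_npm_packages(lockfile_text: str) -> list:
    """Return node_modules paths in a package-lock.json (lockfileVersion 2/3
    'packages' map, with a top-level fallback for v1 'dependencies') that
    resolve to the poisoned Bitwarden CLI release."""
    lock = json.loads(lockfile_text)
    hits = [path for path, meta in lock.get("packages", {}).items()
            if path.endswith("node_modules/@bitwarden/cli")
            and bitwarden_cli_is_compromised(meta.get("version", ""))]
    v1 = lock.get("dependencies", {}).get("@bitwarden/cli", {})
    if not hits and bitwarden_cli_is_compromised(v1.get("version", "")):
        hits.append("@bitwarden/cli")
    return hits


# One 'publisher.name@version' entry per line, as printed by VS Code.
EXT_LINE = re.compile(r"^(?P<publisher>[^.@\s]+)\.(?P<name>[^@\s]+)@(?P<version>\S+)$")


def compromised_extensions(ext_listing: str) -> list:
    """Return extension entries published by Checkmarx at an affected
    version. Keying on the publisher segment is an assumption made here."""
    hits = []
    for line in ext_listing.splitlines():
        m = EXT_LINE.match(line.strip())
        if m and m["publisher"].lower() == "checkmarx" and m["version"] in CX_EXT_BAD_VERSIONS:
            hits.append(line.strip())
    return hits


def triage(docker_images: str, lockfile_text: str, ext_listing: str) -> list:
    """Run all three checks; each finding is (component, artifact, action)."""
    findings = []
    for ref in docker_images.splitlines():
        if kics_image_is_compromised(ref):
            findings.append(("kics-docker", ref.strip(), f"delete; pin to {KICS_CLEAN_TAG}"))
    for path in compromised_npm_packages(lockfile_text):
        findings.append(("bitwarden-cli", path, f"replace with {BW_CLEAN_VERSION}"))
    for ext in compromised_extensions(ext_listing):
        findings.append(("vscode-extension", ext, f"reinstall at {CX_EXT_CLEAN_VERSION}"))
    return findings


# Constructed sample inputs (placeholder extension IDs, not real ones).
SAMPLE_DOCKER_IMAGES = """\
docker.io/checkmarx/kics:v2.1.20
checkmarx/kics:v2.1.19
checkmarx/kics
ghcr.io/example-org/kics-mirror:latest
"""
SAMPLE_LOCKFILE = json.dumps({
    "name": "ci-tools", "lockfileVersion": 3,
    "packages": {
        "": {"name": "ci-tools"},
        "node_modules/@bitwarden/cli": {"version": "2026.4.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})
SAMPLE_EXTENSIONS = """\
checkmarx.example-extension@1.17.0
ms-python.python@2024.4.1
checkmarx.example-extension-two@1.18.0
"""

if __name__ == "__main__":
    for component, artifact, action in triage(SAMPLE_DOCKER_IMAGES, SAMPLE_LOCKFILE, SAMPLE_EXTENSIONS):
        print(f"[{component}] {artifact} -> {action}")
```

The untagged `checkmarx/kics` reference is reported deliberately: a pipeline that pulls without a tag gets `latest`, which is one of the poisoned tags. The lockfile check looks for every nested copy of `@bitwarden/cli`, since a transitive install is just as compromised as a direct one.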
2. Credential & Secret Rotation (Mandatory)
- Revoke GitHub PATs: Any Personal Access Token (PAT) used in a pipeline where the compromised KICS Docker image was active must be considered stolen. Revoke and rotate these immediately.
- Rotate Infrastructure Secrets: Because KICS is an Infrastructure-as-Code (IaC) scanner, it likely had access to your Terraform states and Kubernetes manifests. Assume all AWS/Azure keys, database credentials, and API secrets within those files have been exfiltrated.
3. Network & Repository Auditing
- Block C2 Traffic: Ensure your egress filters block all traffic to the malicious telemetry endpoint: audit.checkmarx[.]cx.
- Audit GitHub Repositories: Scan your organization's GitHub history for any unexpected repositories or branches created with the name "Checkmarx Configuration Storage." These serve as indicators of persistent backdoors.
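Blocking the endpoint is the control; checking whether anything already talked to it, and whether the backdoor repository name exists in the org, is the audit. The script below is an added example for this article, not code from the vendors or the investigators. It takes the single C2 domain and the repository name exactly as published above, refangs the defanged indicator, and hunts for both over constructed inputs: the proxy log layout (timestamp, client, destination, action) is an assumption rather than a format the article specifies, and the repository and branch names are invented.

```python
"""Hunt for the network and repository indicators from the audit list:
egress to the C2 telemetry endpoint and repositories or branches named
'Checkmarx Configuration Storage'. Log lines and repository names are
constructed for illustration; the log layout is assumed."""
import re
from urllib.parse import urlsplit

C2_DOMAINS_DEFANGED = ["audit.checkmarx[.]cx"]   # as published in the article
BACKDOOR_REPO_NAME = "Checkmarx Configuration Storage"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into a
    usable hostname or URL; IoC lists are published defanged on purpose."""
    return (indicator.strip().lower()
            .replace("[.]", ".").replace("(.)", ".")
            .replace("hxxp://", "http://").replace("hxxps://", "https://"))


C2_DOMAINS = {refang(d) for d in C2_DOMAINS_DEFANGED}


def host_matches_c2(host: str) -> bool:
    """Exact match or subdomain of a C2 domain. No substring matching:
    'notaudit.checkmarx.cx' must not match 'audit.checkmarx.cx'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def extract_host(field: str) -> str:
    """Pull the hostname out of a URL, a 'host:port' pair or a bare host."""
    if "://" in field:
        return (urlsplit(field).hostname or "").lower()
    return field.split(":", 1)[0].lower()


# Assumed layout: '<timestamp> <client-ip> <destination> <ALLOWED|DENIED>'.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<dest>\S+)\s+(?P<action>\S+)$")


def egress_hits(log_text: str) -> list:
    """Return (timestamp, client, host) for every record that reached for a
    C2 host, whether or not the proxy allowed it: a DENIED attempt still
    tells you which client is infected."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        host = extract_host(m["dest"])
        if host_matches_c2(host):
            hits.append((m["ts"], m["client"], host))
    return hits


def normalize_repo_name(name: str) -> str:
    """GitHub slugs cannot contain spaces, so the name may surface as
    'Checkmarx-Configuration-Storage' or 'checkmarx_configuration_storage';
    compare on letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def suspicious_repos(names) -> list:
    """Return repository ('org/slug') or branch ('refs/heads/name') entries
    whose last path segment matches the backdoor name after normalization."""
    target = normalize_repo_name(BACKDOOR_REPO_NAME)
    return [n for n in names if normalize_repo_name(n.rsplit("/", 1)[-1]) == target]


# Constructed sample data (private addresses, invented org and repo names).
SAMPLE_PROXY_LOG = """\
2026-04-22T22:01:17Z 10.20.1.15 https://audit.checkmarx.cx/v1/ingest ALLOWED
2026-04-22T22:01:19Z 10.20.1.15 registry.npmjs.org:443 ALLOWED
2026-04-22T22:03:40Z 10.20.1.42 telemetry.AUDIT.checkmarx.cx:443 DENIED
2026-04-22T22:04:02Z 10.20.1.42 notaudit.checkmarx.cx:443 ALLOWED
"""
SAMPLE_REPOS = [
    "example-org/infra-terraform",
    "example-org/Checkmarx-Configuration-Storage",
    "example-org/checkmarx-configs",
    "refs/heads/checkmarx_configuration_storage",
]

if __name__ == "__main__":
    for ts, client, host in egress_hits(SAMPLE_PROXY_LOG):
        print(f"C2 contact {ts} from {client} to {host}")
    for name in suspicious_repos(SAMPLE_REPOS):
        print(f"backdoor repository indicator: {name}")
```

Any client that appears in the egress hits belongs on the credential-rotation list from section 2, regardless of the proxy verdict, because the beacon attempt means the poisoned scanner or extension ran there. The repository check is intentionally loose on punctuation and case so a slug that GitHub rewrote from the display name is still caught.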
Technical Breakdown: The OIDC Exploitation Loop
This incident highlights a critical vulnerability in the industry's shift toward Trusted Publishing (OIDC). By compromising a developer's identity rather than a static password, the attackers effectively turned a "secure" automated flow into an unvetted pipeline for malware.
The CyberSignal Analysis
Signal 01 — The Trusted Publishing Trap
The Bitwarden CLI compromise is a watershed moment for npm’s "Trusted Publishing" (OIDC) model. While intended to eliminate long-lived secrets, this incident proves that if an attacker compromises the identity (the GitHub Actions runner), the "trusted" automated flow becomes an unvetted pipeline for malware.
Signal 02 — IaC as an Exploitation Engine
Infrastructure-as-Code (IaC) scanners like KICS are inherently "noisy" and require deep access to secrets (Terraform states, Kubernetes configs). By poisoning the scanner, TeamPCP turned a standard security best practice into a systematic data exfiltration engine.
This incident echoes the vulnerability challenges faced by Citizens Financial and other large institutions where third-party vendor trust remains the primary attack surface.