Trivy Scanner Compromised, Infostealer Distributed

The Trivy vulnerability scanner was compromised in a supply-chain attack attributed to a threat group identified as TeamPCP. The actors distributed credential-stealing malware through official Trivy releases and GitHub Actions pipelines.

The method follows an established pattern of targeting security tooling directly — compromising a scanner that users run to detect vulnerabilities, so that malware is delivered through a distribution channel those users already trust. GitHub Actions served as the delivery mechanism: by abusing the trust placed in CI/CD pipelines, the actors pushed malicious payloads to downstream users without raising the suspicion that an unofficial download would.


Source: Telegram "sitreports"
