
Supply Chain Attack on Docker Hub Distributes TeamPCP Infostealer Malware
Researchers identified malicious Trivy container images on Docker Hub as part of a supply chain attack that distributed the TeamPCP infostealer malware and targeted developers. The compromised images, versions 0.69.4 through 0.69.6, were removed after discovery. Suspicious tags were pushed without corresponding GitHub releases. Users who downloaded the tainted images were exposed to an increased risk of credential theft and system compromise. No specific dates or CVE IDs were given for the incident. The breach affected Aqua Security's repositories, 44 of which were defaced following the Trivy compromise. The exact scope of impacted developers or organizations remains undisclosed.