Trojanized Trivy Attack: FBI Warns of Major Credential Harvesting in CI/CD Runners

July 3, 2026
  • A trojanized version of Trivy was crafted to harvest credentials and secrets from CI/CD runners, including AWS, GCP, and Azure keys, Kubernetes service account tokens, SSH keys, and Git authentication material, enabling attackers to pivot to other tools like KICS, LiteLLM, and the Telnyx SDK and effectively turning security tools into attack vectors.

  • The FBI urges immediate rotation of all CI/CD secrets and cloud credentials exposed during the March 19–24, 2026 window and suggests using verified commit SHAs in GitHub Actions rather than floating version tags to curb malicious redirection.

  • Exfiltrated data and credentials remain a persistent risk, as affiliated actors such as the Vect ransomware group may weaponize stolen credentials long after the initial breach.

  • Recommended hardening steps include enforcing least-privilege for CI/CD service accounts, adding runtime behavioral monitoring to pipelines, enabling phishing-resistant MFA for publishing accounts, maintaining offline immutable backups, and applying minimum package age thresholds (around seven days) to limit exposure to freshly published malicious versions.

  • The IC3 report details the attack chain starting with the compromise of Aqua Security’s Trivy on March 19, 2026, where attackers force-pushed malicious code to most release tags and distributed backdoored binaries through official channels.

  • The FBI issued an urgent FLASH advisory about the TeamPCP group using trojanized software updates to harvest cloud tokens, SSH keys, and Kubernetes secrets at scale, marking one of 2026’s most sophisticated software supply-chain attacks.

  • TeamPCP compromised trusted software distribution channels by injecting malicious code into legitimate packages, creating a cascading effect that enables stolen credentials from one victim to compromise downstream targets.

  • The operation deployed multiple components—CanisterWorm (targeting npm and PyPI), SANDCLOCK (credential stealer for AWS, Kubernetes tokens, env vars, and crypto wallets), and the Mini Shai-Hulud campaign (self-propagating worm that poisons configuration files and harvests credentials).

  • From February through May 2026, critical tools like Trivy, KICS, LiteLLM, and the Telnyx Python SDK were trojanized, all of which are commonly integrated into enterprise CI/CD pipelines, cloud infrastructure, and security workflows.
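Two of the hardening steps above, pinning GitHub Actions to a verified commit SHA instead of a floating tag and refusing packages younger than a minimum age, can be turned into pipeline checks. The script below is an added example written for this summary, not code from the FBI advisory, Aqua Security, or any of the projects named; the workflow text, package name (`example-package`), version numbers, upload dates and the fixed "now" are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample workflow (illustrative only, not a real project's file).
# One step is pinned to a full 40-hex commit SHA, two use floating refs,
# one is a local action, one is a plain `run:` step.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: some-org/some-action@main
      - uses: ./.github/actions/local-step
      - run: echo done
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")


def unpinned_action_refs(workflow_text):
    """Return (ref, reason) for every `uses:` entry that is not pinned to a
    full commit SHA. Local actions (./path) and docker:// images are skipped
    because a commit SHA does not apply to them."""
    findings = []
    for line in workflow_text.splitlines():
        match = USES_LINE.match(line)
        if not match:
            continue
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((ref, "no version reference at all"))
            continue
        _, version = ref.rsplit("@", 1)
        if not FULL_SHA.match(version):
            # A tag or branch can be force-pushed to point at new code;
            # a commit SHA cannot be silently redirected.
            findings.append((ref, f"floating reference '{version}' instead of a 40-hex commit SHA"))
    return findings


# Constructed release metadata for a hypothetical package. The PyPI JSON API
# exposes comparable per-file upload timestamps, which is where a real check
# would read these values from.
NOW = datetime(2026, 3, 26, tzinfo=timezone.utc)
SAMPLE_RELEASES = {
    "0.60.0": NOW - timedelta(days=40),
    "0.61.0": NOW - timedelta(days=12),
    "0.61.1": NOW - timedelta(days=2),   # too fresh under a 7-day threshold
}


def newest_release_older_than(releases, min_age_days, now):
    """Pick the newest release whose upload time is at least min_age_days old.
    releases maps version -> upload datetime (UTC). Returns None when nothing
    is old enough. Upload order is used as the release order."""
    cutoff = now - timedelta(days=min_age_days)
    eligible = [(uploaded, version) for version, uploaded in releases.items() if uploaded <= cutoff]
    if not eligible:
        return None
    return max(eligible)[1]


if __name__ == "__main__":
    for ref, reason in unpinned_action_refs(SAMPLE_WORKFLOW):
        print(f"UNPINNED {ref}: {reason}")
    print("install candidate:", newest_release_older_than(SAMPLE_RELEASES, 7, NOW))
```

Run against the constructed inputs, the first check flags `actions/checkout@v4` and `some-org/some-action@main` while accepting the SHA-pinned step, and the age check selects `0.61.0` rather than the two-day-old `0.61.1`. The age rule is deliberately simple: it buys time for a malicious release to be noticed and pulled, but it does not verify the package itself, so it complements signature or provenance checks rather than replacing them. Some package managers offer the same threshold natively (for example uv's `exclude-newer` setting), which is preferable to a custom script where available.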

Summary based on 1 source

Source

FBI Says TeamPCP Uses Trojanized Updates to Steal Cloud Tokens, SSH Keys, and Kubernetes Secrets

GBHackers Security | #1 Globally Trusted Cyber Security News Platform • Jul 3, 2026