How TeamPCP turned Aqua Security’s own Trivy scanner into a weapon against millions of developers
TeamPCP, a threat actor group, executed a sophisticated multi-stage supply chain attack starting with Aqua Security's Trivy vulnerability scanner. By exploiting a GitHub Actions misconfiguration, they stole credentials, trojanized Trivy binaries and actions, and spread malware across npm packages via a self-propagating worm called CanisterWorm. The attack chain compromised CI/CD pipelines across millions of developer environments, stealing cloud credentials, SSH keys, Kubernetes tokens, and more. The group claims to have obtained 300 GB of compressed credentials from projects downloaded over 100 million times monthly. Security experts recommend rotating all credentials, pinning GitHub Actions to commit SHAs instead of tags, and treating security tools as versioned dependencies with checksum verification.
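The two mitigations the summary closes with, pinning actions to full commit SHAs and verifying the checksum of a downloaded scanner binary before it runs, are both mechanical checks that a CI owner can script. The Python below is an added example written for this page; it is not code from the article, from Aqua Security or from GitHub. It scans a workflow file for `uses:` references that are not pinned to a 40-hex commit SHA (a tag like `v4` or a branch like `master` is mutable and can be repointed at a trojanized commit), and it compares a binary's SHA-256 against an expected value in constant time. The workflow text, the binary bytes and the `deadbeef…` SHA are constructed placeholders, not real artifacts or real commits.

```python
import hashlib
import hmac
import re

# A `uses:` line in a GitHub Actions workflow, with or without a leading "- ",
# quoted or not. The capture stops at whitespace, quotes or a "# v4" comment.
_USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)['"]?""")

# A full 40-hex-digit commit SHA is the only immutable reference; short SHAs,
# tags and branch names can all be moved by whoever controls the action's repo.
_FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def parse_uses(workflow_text: str):
    """Return (action, ref) for every remote action referenced in the workflow."""
    found = []
    for line in workflow_text.splitlines():
        m = _USES_RE.match(line)
        if not m:
            continue
        spec = m.group(1)
        # Local composite actions and docker:// images are not GitHub refs;
        # they need a different check, so they are skipped here.
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.partition("@")
        found.append((action, ref))
    return found


def is_pinned(ref: str) -> bool:
    """True only for a full lowercase 40-hex commit SHA."""
    return bool(_FULL_SHA_RE.match(ref))


def find_unpinned_actions(workflow_text: str):
    """Every remote action whose ref is a mutable tag, branch or short SHA."""
    return [(a, r) for a, r in parse_uses(workflow_text) if not is_pinned(r)]


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Compare a downloaded artifact against its pinned SHA-256 digest.

    hmac.compare_digest avoids leaking how many leading characters matched.
    """
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


# Constructed sample workflow (placeholder SHA, not a real commit).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@deadbeefdeadbeefdeadbeefdeadbeefdeadbeef # v4 (placeholder SHA)
      - uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
      - name: Node
        uses: actions/setup-node@v4
      - uses: ./.github/actions/local-thing
"""

# Constructed stand-in for a downloaded scanner binary and its published digest.
SAMPLE_BINARY = b"not a real trivy binary, just sample bytes"
SAMPLE_BINARY_SHA256 = hashlib.sha256(SAMPLE_BINARY).hexdigest()


if __name__ == "__main__":
    for action, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"UNPINNED: {action}@{ref}")
    print("binary ok:", verify_sha256(SAMPLE_BINARY, SAMPLE_BINARY_SHA256))
```

Run against the sample, the unpinned report flags `aquasecurity/trivy-action@master` and `actions/setup-node@v4` and passes the SHA-pinned checkout. Pinning alone is not sufficient if the action's own workflow fetches a binary at run time, which is why the checksum check belongs in the step that downloads the tool, with the expected digest committed alongside the version number.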
Table of contents
Security tools turned weapons
How the attack unfolded
GitHub shares the blame
Rotate credentials, pin actions