TeamPCP Attack Spreads From Trivy to Checkmarx Tools

TeamPCP Cloud stealer poisons GitHub Actions, escalating supply chain attacks via stolen credentials.

  • Credential-stealing malware known as “TeamPCP Cloud stealer” has compromised GitHub Actions workflows from Checkmarx, following a similar attack on Aqua Security’s Trivy scanner.
  • The stealer exfiltrates a wide range of sensitive data, including cloud service keys, CI/CD configurations, and cryptocurrency wallet data, to a typosquatted domain.
  • Attackers are forcing malicious commits and using stolen credentials to poison additional actions, creating a cascading supply chain compromise.
  • Users must immediately rotate all exposed secrets, audit their GitHub workflows, and pin Actions to full commit SHAs to mitigate the threat.

Threat actors from TeamPCP have successfully targeted two more critical GitHub Actions workflows from the supply chain security firm Checkmarx, security researchers from Sysdig reported in late March 2026. This expansion came just days after the same group’s initial software supply chain breach involving Aqua Security’s Trivy vulnerability scanner, tracked as CVE-2026-33634. According to Sysdig, credentials stolen in the Trivy incident were then used to poison the Checkmarx actions.

The malicious payload, called “TeamPCP Cloud stealer,” is engineered to harvest an extensive array of credentials. It targets secrets for major cloud platforms like AWS, Google Cloud, and Microsoft Azure, alongside SSH keys, Docker configurations, and crucially, data from cryptocurrency wallets. The stolen information is encrypted and sent to the domain “checkmarx[.]zone” in an archive named “tpcp.tar.gz.”

Attackers employed a deceptive technique by force-pushing tags to malicious commits containing the stealer. “The use of vendor-specific typosquat domains for each poisoned action is a deliberate deception technique”, Sysdig explained. This method makes malicious traffic appear legitimate, significantly reducing the chance of manual detection during a routine log review.

The breach facilitates a dangerous chain reaction within software supply chains. Stolen personal access tokens with write permissions allow attackers to push malicious code into other repositories that use the compromised actions. “The identical payload, encryption scheme, and tpcp.tar.gz naming convention confirm this is the same threat actor expanding their reach”, the researchers noted, highlighting that traditional code review failed because the malicious code was injected at the source of a trusted action.

Researchers from Wiz detailed that the attack likely stemmed from a compromised service account. They also noted the attackers published trojanized versions of two Open VSX extensions, ast-results and cx-dev-assist. Wiz researchers said the malware installs persistence on non-CI systems, polling for new payloads every 50 minutes.

In response, security teams are advised to rotate all exposed secrets and tokens immediately. Organizations must also audit their GitHub Actions runs for signs of the “tpcp.tar.gz” archive or connections to the malicious domains. Pinning GitHub Actions to full commit SHAs instead of version tags is a critical defensive step, as tags can be maliciously force-pushed by attackers.
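The two defensive checks above (pin every `uses:` reference to a full commit SHA, and look for the reported archive name or domain in run logs) can be automated. The following script is an added example written for this article; it is not code from Sysdig, Wiz or Checkmarx. The workflow file, the log lines, the 40-character SHA and the action names in it are constructed for illustration, and the two indicator strings are the ones the article quotes.

```python
import re

# A `uses:` step reference of the form owner/repo@ref or owner/repo/path@ref.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*['\"]?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([^\s'\"#]+)", re.M
)
# Only a full 40-hex commit SHA is immutable; tags and branches can be force-pushed.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Indicators quoted in the article: the archive name and the typosquatted domain.
IOC_PATTERNS = [
    re.compile(r"tpcp\.tar\.gz", re.I),
    re.compile(r"checkmarx\.zone", re.I),
]


def find_unpinned_uses(workflow_yaml: str) -> list[tuple[str, str]]:
    """Return (action, ref) pairs whose ref is a mutable tag or branch, not a commit SHA."""
    return [
        (action, ref)
        for action, ref in USES_RE.findall(workflow_yaml)
        if not SHA_RE.match(ref)
    ]


def find_ioc_hits(log_lines: list[str]) -> list[tuple[int, str]]:
    """Return (line_number, line) for every log line that mentions a known indicator."""
    return [
        (n, line)
        for n, line in enumerate(log_lines, start=1)
        if any(p.search(line) for p in IOC_PATTERNS)
    ]


# Constructed workflow: one step pinned to a (placeholder) SHA, two pinned to mutable refs.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - name: Scan
        uses: example-org/example-scanner@main
"""

# Constructed run log: line 2 mentions both the domain and the archive name.
SAMPLE_LOG = [
    "2026-03-27T10:01:02Z Run actions/checkout@v4",
    "2026-03-27T10:01:05Z POST https://checkmarx.zone/ (body: tpcp.tar.gz)",
    "2026-03-27T10:01:09Z Job completed",
]

if __name__ == "__main__":
    for action, ref in find_unpinned_uses(SAMPLE_WORKFLOW):
        print(f"UNPINNED: {action}@{ref} (pin to a full commit SHA)")
    for n, line in find_ioc_hits(SAMPLE_LOG):
        print(f"IOC hit on log line {n}: {line}")
```

Run it over every file under `.github/workflows/` and over downloaded run logs; any `uses:` reference that is not a 40-character SHA is a candidate for the tag-force-push technique described above, and any indicator hit warrants treating every secret available to that run as exposed.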
