Trivy is a popular open-source security scanner developed by Aqua Security. It is designed to find vulnerabilities, misconfigurations, and secrets in container images, file systems, and source code repositories. It is widely used by developers and DevOps teams in their CI/CD pipelines.

What is a software supply chain attack?

A software supply chain attack is a type of cyberattack that targets the development and distribution process of software. Instead of attacking the end-user directly, attackers compromise a trusted piece of software or a component within it, which is then distributed to all of its users.

What kind of malware was distributed in the Trivy attack?

The attack distributed a variant of RedLine Stealer, a common information-stealing malware. It is designed to harvest sensitive data from victims' computers, including saved browser passwords, credit card details, cryptocurrency wallets, and credentials for various applications.

How can I check if I was affected by this attack?

You were potentially affected if you downloaded or updated Trivy between 16:00 UTC and 19:00 UTC on April 17, 2023. You should verify the SHA256 hash of your Trivy binary against the list of malicious hashes provided by Aqua Security in their official incident reports.

How did Aqua Security respond to the incident?

Aqua Security's response was swift and transparent. Their internal monitoring detected the suspicious activity, and they immediately launched an incident response. Within three hours, they removed the malicious files, revoked the compromised credentials, and began communicating with the public, providing details and remediation steps.

When the watchdog gets bit: An analysis of the Trivy vulnerability scanner supply chain attack

Introduction: A security tool turned trojan horse

In a deeply ironic turn of events, a tool designed to find security vulnerabilities became a vector for distributing malware. In April 2023, Aqua Security’s Trivy, a widely respected and popular open-source vulnerability scanner, was the target of a sophisticated supply chain attack. For a brief but critical period, attackers compromised one of Aqua's public GitHub accounts to distribute malicious versions of the scanner embedded with the notorious RedLine Stealer malware. The incident serves as a stark reminder that no part of the software development lifecycle is immune to attack, and even the tools we trust to protect us can be subverted.

While Aqua Security’s rapid detection and transparent response contained the breach within hours, the event provides a valuable case study into the mechanics of modern supply chain attacks and the critical defenses needed to counter them.

Technical breakdown: How the attack unfolded

The success of this attack hinged on a classic, yet effective, entry point: compromised credentials. An unauthorized actor gained access to a public GitHub account associated with the Trivy project. This single point of failure allowed them to manipulate the trusted distribution channels that developers and automated systems rely on.

According to Aqua Security's post-incident report, the attack followed a multi-step process:

Code Injection: The attacker used the compromised account to push malicious commits to the Trivy repository. This code was specifically engineered to download and execute a secondary payload during the software's build process.
Release Manipulation: The threat actor then manipulated GitHub release tags to point to binaries compiled with the malicious code. This made the tainted versions appear as legitimate, official releases on the project's GitHub page.
Poisoning the Package Registry: To maximize distribution, the malicious binaries were also pushed to the Go package registry (`proxy.golang.org`). This meant that anyone using the standard `go install` command to fetch Trivy during the attack window would receive the compromised version.

The incident was confined to a narrow three-hour window on April 17, 2023, between 16:00 and 19:00 UTC. Aqua’s internal monitoring systems detected the anomalous activity, triggering an immediate incident response that cut off the malware's distribution.

The payload: RedLine Stealer

The malware delivered in this attack was identified as RedLine Stealer, a potent and prevalent information-stealing trojan. RedLine is designed to systematically harvest sensitive data from a victim's machine. Its primary targets include:

Browser Data: Saved passwords, credit card numbers, autofill data, cookies, and browsing history.
Cryptocurrency Wallets: Files and credentials associated with various cryptocurrency wallets.
Application Credentials: Login information for FTP clients, email clients, and instant messaging apps.
System Information: Details about the operating system, hardware, IP address, and installed software.

By embedding RedLine in a developer tool like Trivy, the attackers specifically targeted individuals with potentially high-value access: developers, DevOps engineers, and security professionals. The credentials stored on these machines could include API keys, private code repository access tokens, and credentials for cloud infrastructure, making them a gateway for much broader corporate intrusions.

Impact assessment: A limited blast radius with serious implications

The primary victims were any individuals or CI/CD systems that downloaded and executed the malicious Trivy binaries during the three-hour window of compromise. For these victims, the impact is severe. The theft of credentials by RedLine could lead to financial loss, intellectual property theft, and further unauthorized access into corporate networks.

For Aqua Security, the incident represented a significant reputational challenge. However, their response has been widely praised within the security community. By detecting the breach quickly, taking decisive action to remove the malicious files, and communicating transparently with users, they successfully minimized the damage and provided clear guidance for remediation. Aqua was also clear that its internal corporate systems were not breached; the compromise was isolated to a single public-facing account and the Trivy distribution channel.

This attack is a part of a troubling and escalating pattern. It follows in the footsteps of other major supply chain incidents like SolarWinds, Codecov, and the more recent XZ Utils backdoor attempt. These events demonstrate that threat actors are shifting their focus upstream to compromise the very foundation of the software we use. By poisoning a single popular open-source project, they can achieve a cascading effect, compromising thousands of downstream users in a single stroke.

How to protect yourself and your organization

While this specific incident has been resolved, the threat of supply chain attacks remains constant. Organizations and individual developers must adopt a defensive posture that assumes any third-party software could be a potential vector.

For users of Trivy:

Verify Your Version: If you downloaded or updated Trivy on April 17, 2023, immediately verify the binary's checksum (SHA256 hash) against the official, verified hashes published by Aqua Security in their post-incident blog posts.
Scan for Compromise: If you suspect you ran a malicious version, assume your machine is compromised. Disconnect it from the network, perform a full malware scan, and immediately change all passwords stored on the machine, especially for developer services like GitHub, AWS, and private registries.
Update to a Safe Version: Delete any suspect binaries and download the latest verified version of Trivy directly from Aqua Security’s official channels.

General best practices for supply chain security:

Verify Software Integrity: Whenever possible, verify the cryptographic signatures or checksums of downloaded software before execution. This ensures the file has not been tampered with since it was published by the developer.
Enforce Multi-Factor Authentication (MFA): The Trivy incident was enabled by a compromised account. Enforcing MFA on all developer accounts (GitHub, GitLab, package registries) is one of the most effective defenses against unauthorized access.
Use a VPN service: Infostealers often capture system information, including your public IP address. Using a trusted VPN adds a layer of privacy protection by masking your true IP, which can help obscure your location and network origin from attackers during data exfiltration.
Implement the Principle of Least Privilege: CI/CD pipelines and build environments should operate with the minimum permissions necessary. Avoid using long-lived, overly permissive credentials that, if stolen, could grant an attacker broad access.
Pin Dependencies: In your build scripts and package managers, pin software dependencies to specific, known-good versions using their content hash. This prevents the build system from automatically pulling a newly published, potentially malicious version.
Employ Endpoint Security: Use modern Endpoint Detection and Response (EDR) solutions on developer workstations and build servers. These tools can often detect and block the suspicious behavior exhibited by malware like RedLine Stealer, even if the initial binary is trusted.

The attack on Trivy is a powerful lesson in humility. It demonstrates that security is not a static achievement but a continuous process of vigilance, verification, and rapid response. Trust in our tools is essential, but it must be a verified trust, underpinned by strong security practices at every link in the software supply chain.