Wiz Research and Checkmarx have reported a series of interconnected cyberattacks on several widely used software development tools, aimed at stealing sensitive digital keys and credentials from unsuspecting companies.
What Happened?
The trouble began on 19 March 2026, when a hacking group calling themselves TeamPCP managed to break into Trivy, a popular tool used by developers to scan their code for security vulnerabilities. This was a supply chain attack, which occurs when hackers sneak malicious code into a trusted product so it spreads automatically to everyone who uses that software.
In Trivy’s case, the hackers injected a credential stealer into the Trivy scanner and its related automated tasks on GitHub. Posing as legitimate developers, the attackers pushed poisoned updates designed to quietly steal passwords, cloud access keys for AWS, Azure, and GCP, and even cryptocurrency wallet details from any computer running the infected versions.
The Attack Expands
The problem didn’t stop with Trivy. On 23 March 2026, the hackers compromised two of Checkmarx’s automated tools (known as KICS) and two plugins used in code editors. These malicious versions were briefly available on the OpenVSX marketplace. While the versions on the official VS Code Marketplace remained safe, anyone who downloaded the specific “ast-results” or “cx-dev-assist” plugins from OpenVSX during that window is at risk.
The campaign expanded again on 24 March 2026, hitting LiteLLM, a tool used by millions to build AI applications. The hackers used stolen credentials to publish poisoned versions (1.82.7 and 1.82.8) to the official Python registry (PyPI). Most alarmingly, version 1.82.8 included a hidden file that runs the malware every single time Python starts on your computer, even if your code never imports LiteLLM itself.
How the Malware Works
These attackers are quite clever. When the infected software runs, the TeamPCP Cloud Stealer searches the system memory and files for digital master keys that allow access to a company’s servers. It specifically hunts for Kubernetes tokens and Solana cryptocurrency wallets.
Wiz Research discovered that, to stay hidden, the malware creates a background service named “sysmon” (its script lives at ~/.config/systemd/user/sysmon.py), which checks a backup website for further instructions every few minutes. In one frustrating twist, Wiz researchers, who shared their findings with Hackread.com, found the hackers even programmed the malware to show a “RickRoll” video as a temporary distraction while they worked in the background.
“We are seeing a dangerous convergence between supply chain attackers and high-profile extortion groups like LAPSUS$. By moving horizontally across the ecosystem – hitting tools like liteLLM that are present in over a third of cloud environments – they are creating a ‘snowball effect.’ This isn’t an isolated incident; it’s a systemic campaign that requires security teams to take action and will likely continue to expand,” said Ben Read, a lead researcher at Wiz.
Steps to Stay Safe
Simply updating the software isn’t enough if the hackers already have your keys. To stay safe, ensure you are using clean versions, specifically Trivy 0.69.7, Checkmarx plugins 1.10.0 or 2.56.0, and LiteLLM 1.82.9 or higher. You must also rotate all cloud passwords, SSH keys, and digital tokens immediately if you used these tools between 19 and 24 March.
Lastly, check your systems for a folder or repository named “tpcp-docs”, as its presence is a clear sign of data theft. Moving forward, experts suggest pinning tools to a SHA hash, a fixed digital fingerprint of the exact version you vetted that attackers cannot forge, so a later poisoned update is not picked up automatically.
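One way to turn the indicators and version thresholds above into a quick host check, as an added example that is not from the article, Wiz or Checkmarx: the paths and version numbers are those reported above, while the script layout, function names and the use of pip to read the installed LiteLLM version are assumptions.

```shell
#!/bin/sh
# Triage helper built from the indicators reported above (added example).
# Version numbers and paths come from the article; everything else is assumed.

# Returns 0 (true) when an installed LiteLLM version is one of the poisoned releases.
litellm_is_poisoned() {
  case "$1" in
    1.82.7|1.82.8) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when version $1 is at least $2 in version order, e.g. 1.82.10 >= 1.82.9.
version_at_least() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints the LiteLLM version pip reports, or nothing if it is not installed.
installed_litellm_version() {
  python3 -m pip show litellm 2>/dev/null | awk '/^Version:/ { print $2 }'
}

# Prints every indicator found under $1 (default: $HOME); returns 1 if any
# were found and 0 if the tree looks clean.
scan_indicators() {
  root="${1:-$HOME}"; hits=0
  # Persistence: the fake "sysmon" user service script.
  if [ -e "$root/.config/systemd/user/sysmon.py" ]; then
    echo "INDICATOR: persistence script $root/.config/systemd/user/sysmon.py"
    hits=$((hits + 1))
  fi
  # Staging directory whose presence the article ties to data theft.
  dirs=$(find "$root" -xdev -type d -name tpcp-docs 2>/dev/null)
  if [ -n "$dirs" ]; then
    echo "$dirs" | sed 's/^/INDICATOR: exfiltration directory /'
    hits=$((hits + $(echo "$dirs" | wc -l)))
  fi
  [ "$hits" -eq 0 ]
}

# Run with a directory to scan; with no argument only the functions are
# defined, so the file can be sourced by other tooling.
if [ "$#" -gt 0 ]; then
  v=$(installed_litellm_version)
  if [ -n "$v" ] && litellm_is_poisoned "$v"; then
    echo "INDICATOR: poisoned LiteLLM $v installed (fixed in 1.82.9 or higher)"
  fi
  scan_indicators "$1"
fi
```

A non-zero exit from scan_indicators is the signal to start the credential rotation described above, not merely to upgrade.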