VDB
GCVE-110-OSM-2026-683
GCVE-110-OSM-2026-683
Advisory PublishedCVSS 9.6/10
Malicious Docker Hub image published by TeamPCP on March 22, 2026 (~16:00 UTC) as part of the Trivy supply-chain compromise. Built from the backdoored Trivy v0.69.4 binary containing a three-stage credential stealer and persistence dropper. Exfiltrates encrypted credential bundles to scan.aquasecurtiy.org and plug-tab-protective-relay.trycloudflare.com. Installs sysmon.py systemd persistence on non-CI systems polling ICP blockchain C2.
=== MALICIOUS CONTAINER IMAGE ===
Registry: Docker Hub (docker.io)
Image: aquasec/trivy:v0.69.5
Published: ~16:00 UTC, March 22, 2026
Also distributed via: GHCR, ECR
=== EMBEDDED PAYLOAD ===
Contains backdoored Trivy binary with:
- Memory scraping: /proc/[PID]/mem targeting Runner.Worker for {"value":"<secret>","isSecret":true}
- Filesystem sweep: 50+ paths (SSH keys, AWS/GCP/Azure creds, K8s tokens, crypto wallets, GPG keys, Docker creds)
- Encryption: AES-256-CBC + RSA-4096 hybrid
- Exfil: POST to scan.aquasecurtiy.org and plug-tab-protective-relay.trycloudflare.com (tpcp.tar.gz)
- Fallback: Creates tpcp-docs GitHub repo via GITHUB_TOKEN
=== PERSISTENCE (non-CI) ===
Dropper: ~/.config/systemd/user/sysmon.py
C2: https://tdtqy-oyaaa-aaaae-af2dq-cai.raw.icp0.io/
Polling: Every 50 minutes
Kill switch: aborts if response contains "youtube"
Weaknesses (CWE)
CWE-506Embedded Malicious Code
Risk Scores
CVSS 3.1
9.6/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| unknown | darkig | all (affected) | — |
| unknown | v0.69.5 (affected) | — |
Aliases
References
Malicious pypi package: darkig
advisory
Browse GCVE Records
72,580 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.