Cybersecurity

Megalodon Attack Unleashes Supply Chain Threat on GitHub Code

May 25, 2026 3 min read Source: Securityweek 14 views

A sophisticated supply chain attack, dubbed "Megalodon," has compromised thousands of GitHub repositories, inserting malicious code designed to exfiltrate critical secrets. This coordinated campaign leveraged automated commits to inject workflows that steal sensitive credentials and establish persistent backdoors across a vast codebase.

The attackers utilized GitHub Actions workflows to deliver their payload, pushing thousands of malicious commits within a brief timeframe to inject the harmful code.
The embedded malware is engineered to pilfer a wide array of sensitive data, including API keys, cloud service credentials, SSH keys, and tokens from CI/CD environments.
Discovered through compromised open-source packages, the attack also deployed dormant backdoors that can be activated remotely via specific workflow triggers, posing a persistent threat.

Intelligence briefing: Why this matters: The widespread compromise highlights profound vulnerabilities in software supply chains, demonstrating how malicious actors can leverage trusted development platforms to achieve broad intelligence collection and potential future operational access against organizations and government entities.

More than 5,500 GitHub repositories were infected with malware in a supply chain attack that relies on automated commits, security researchers warn.

The campaign, dubbed Megalodon, relies on GitHub Actions workflows containing a payload designed to steal credentials, keys, tokens, and other secrets.

The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18.

According to the cybersecurity firm, the attackers deployed two payloads as part of the attack. One was designed to add a new workflow that would be triggered on every push and pull request, and another that replaced existing workflows with specific triggers, creating dormant backdoors.

On infected machines, the malware would exfiltrate all CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, GitLab CI/CD tokens, and dozens of other types of secrets.

Megalodon, SafeDep explains, was discovered after malicious versions of the Tiledesk package, an open source live chat and chatbot platform, were identified. The infected packages were published between May 19 and May 21.

“The same NPM account, eljohnny ([email protected]), published both the clean 2.18.5 and the compromised versions. The attacker never touched the NPM account. They compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it,” SafeDep says.

The malicious commit that led to the infection was pushed on May 18, authored by ‘build-bot’. SafeDep’s investigation into the associated email address uncovered a total of 2,878 commits made on the same day, along with an additional 2,841 commits made via a second email address.

“All 5,718 commits landed on the same day: May 18, 2026, across a six-hour window from approximately 11:36 to 17:48 UTC, targeting 5,561 distinct repositories,” SafeDep explains.

The cybersecurity firm also notes that the attackers’ choice of malicious GitHub Actions workflow, namely ‘workflow_dispatch’, ensured that the dormant backdoor could be triggered at a later date via the GitHub API, using stolen GitHub tokens.

The workflow is exempted from GitHub’s anti-recursion rules, which prevent new workflow runs from being spawned via GitHub token-triggered events.

Last week, NPM announced that all NPM granular access tokens with write access that bypass two-factor authentication have been invalidated to prevent supply chain attacks similar to Mini Shai-Hulud.

According to Ox Security, this should prevent account hijacking, but does not resolve the underlying problem, and malicious code will continue to spread through compromised repositories.

“If platforms continue allowing any type of code to be uploaded without serious vetting, the number of attacks will only increase,” Ox notes.

“We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning. What’s coming is an endless wave, a tsunami of cyber attacks on developers worldwide,” the cybersecurity firm says.

Related: Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Related: Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

Related: Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

Analysis

This incident underscores an escalating trend where attackers target the foundational infrastructure of software development, exploiting automation and trust to achieve massive scale. The ability to inject persistent, remotely triggerable backdoors into widely used repositories presents a long-term strategic threat, enabling future access to sensitive systems and proprietary information. Such attacks challenge the very notion of secure software delivery, forcing a re-evaluation of current verification and trust models.

megalodongithubsupply chain attackcybersecuritymalwaredeveloper securitythreat intelligence

📰 Primary Source: Securityweek