Megalodon Cyberattack Compromises 5,561 GitHub Repositories with Malicious CI/CD Workflows
A recent automated cyber campaign, dubbed Megalodon, has alarmingly pushed 5,718 malicious commits across 5,561 GitHub repositories within a mere six-hour timeframe. This incident underscores the growing sophistication of supply chain attacks targeting software development environments.
The Mechanics of the Attack
Cybersecurity researchers have detailed how attackers utilized disposable accounts and forged author identities—such as build-bot, auto-ci, ci-bot, and pipeline-bot—to inject malicious GitHub Actions workflows. These workflows contained base64-encoded bash payloads designed to exfiltrate critical continuous integration (CI) secrets, cloud credentials, SSH keys, OpenID Connect (OIDC) tokens, and source code secrets to a command-and-control (C2) server located at 216.126.225[.]129:8443.
The data harvested by the malware includes:
- CI environment variables and process environment data
- Amazon Web Services (AWS) credentials
- Google Cloud access tokens
- Instance role credentials from AWS IMDSv2, Google Cloud metadata, and Microsoft Azure Instance Metadata Service (IMDS)
- SSH private keys
- Docker and Kubernetes configurations
- Vault tokens and Terraform credentials
- Shell history
- API keys, database connection strings, JSON Web Tokens (JWTs), PEM private keys, and cloud tokens matching over 30 secret regular expression patterns
- GitHub Actions OIDC token request URLs and tokens
- GITHUB_TOKEN, GitLab CI/CD tokens, and Bitbucket tokens
- Configuration files such as .env files, credentials.json, and service-account.json
One notable victim of this attack is the package @tiledesk/tiledesk-server, which was found to contain a Base64-encoded bash payload embedded within its GitHub Actions workflow file. The malicious commits were executed between 11:36 a.m. and 5:48 p.m. UTC on May 18, 2026.
Evasive Tactics and Payload Variants
The attackers employed a strategy of rotating through four author names and seven commit messages, all designed to mimic routine CI maintenance. They utilized throwaway GitHub accounts with random eight-character usernames and configured git to forge author identities, pushing changes via compromised personal access tokens (PATs) or deploy keys.
Two distinct payload variants emerged during this campaign: SysDiag, a mass variant that triggers on every push and pull request, and Optimize-Build, a targeted variant that activates only on the workflow_dispatch event, allowing users to manually run workflows. The latter approach was specifically used to target CI/CD runners, avoiding execution during the installation of the npm package.
The trade-off between reach and operational security was evident. While the on: push trigger would ensure execution on every commit to the master branch, the workflow_dispatch method limited exposure but still posed significant risks. With over 5,700 repositories compromised, even a small number yielding usable GITHUB_TOKENs could provide the attackers with sufficient targets for on-demand triggering.
Implications for the Software Development Ecosystem
The implications of the Megalodon attack extend beyond immediate data theft. This incident marks a significant escalation in the realm of supply chain attacks, with experts warning that we have entered a new era of cyber threats. Moshe Siman Tov Bustan from OX Security remarked that the compromise of GitHub by TeamPCP is merely the beginning of an ongoing wave of cyber attacks targeting developers globally.
The TeamPCP group has been linked to a broader strategy of weaponizing the interconnected software supply chain, corrupting numerous open-source tools and extorting victims for financial gain. Microsoft-owned GitHub has become the latest addition to a growing list of targets, which includes organizations like TanStack, Grafana Labs, OpenAI, and Mistral AI.
The cyclical exploitation of popular open-source projects, where one compromise leads to another, has allowed malware to proliferate rapidly. TeamPCP appears to be financially motivated, having established partnerships with various extortion groups, including BreachForums, LAPSUS$, and VECT.
Geopolitical Dimensions and Industry Response
The geopolitical motivations behind some of TeamPCP’s attacks have also been highlighted, particularly their deployment of wiper malware upon detecting systems in Iran and Israel. This adds a layer of complexity to the threat landscape, as nation-state actors may leverage similar tactics for their own objectives.
In response to the escalating threat posed by TeamPCP and the Mini Shai-Hulud worm, npm has taken preventive measures by invalidating granular access tokens that bypass two-factor authentication (2FA). The organization is also advocating for users to adopt Trusted Publishing to minimize reliance on such tokens.
Socket, an application security firm, noted that by revoking all bypass-2FA tokens, npm effectively cuts off the credentials previously harvested by the worm. While this reset provides temporary relief, it does not address the underlying vulnerabilities that allowed the attack to occur.
Emerging Threats in Package Management
In a related development, a throwaway account named polymarketdev was discovered to have published nine malicious npm packages impersonating Polymarket trading CLI tools within a 30-second window. These packages were designed to steal victims’ Ethereum and Polygon private keys through a deceptive postinstall script.
The malicious script prompts users to enter their private keys under the guise of a secure wallet onboarding process, claiming that the information remains encrypted. The raw keys are then transmitted in plaintext to a Cloudflare Worker endpoint.
This incident illustrates how attackers are increasingly leveraging social engineering tactics to mask credential theft operations, further complicating the security landscape for developers.
For further details on the Megalodon attack, refer to the original reporting source: thehackernews.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
