Megalodon Malware Breached 5,50 Compromised GitHub

Jennifer Sherman
May 22, 2026, 3 Min Read

On May 18, 2026, a widespread automated supply chain attack, dubbed “Megalodon,” compromised GitHub, injecting malicious CI/CD backdoors into more than 5,500 repositories. The incident unfolded in under six hours, making it one of the most aggressive GitHub Actions poisoning campaigns ever documented.

Table Of Content

  • Megalodon Payload Variants
  • Indicators of Compromise (IoC)
  • Mitigations

SafeDep discovered that between approximately 11:36 and 17:48 UTC on May 18, 2026, the Megalodon campaign pushed 5,718 malicious commits to 5,561 GitHub repositories using throwaway accounts with randomized eight-character usernames.

The attacker forged the author identities build-bot, auto-ci, ci-bot, and pipeline-bot, with the emails build-system@noreply[.]dev and ci-bot@automated[.]dev, mimicking routine automated CI maintenance.

Commit messages such as “ci: add build optimization step” and “chore: optimize pipeline runtime” were deliberately designed to evade casual code review.

Megalodon Payload Variants

The campaign deployed two distinct GitHub Actions workflow variants sharing the same C2 server at 216[.]126[.]225[.]129:8443:

  • SysDiag (Mass Variant): Added a new .github/workflows/ci.yml file triggering on every push and pull_request_target, ensuring automated execution on any commit across all branches
  • Optimize-Build (Targeted Variant): Replaced existing workflows with a workflow_dispatch trigger, creating a dormant backdoor that the attacker can silently activate on demand via the GitHub API — producing zero visible CI runs and no failed builds.

Both variants requested elevated permissions: id-token: write and actions: read, enabling OIDC token theft for cloud identity impersonation.

The base64-encoded bash payload — a 111-line script — conducted aggressive, multi-phase credential harvesting once triggered:

  • All CI environment variables, /proc/*/environ, and PID 1 environment data
  • AWS credentials (access keys, secret keys, session tokens) across all configured profiles
  • GCP access tokens via gcloud auth print-access-token
  • Live credentials from AWS IMDSv2, GCP metadata, and Azure IMDS endpoints
  • SSH private keys, Docker auth configs, .npmrc, .netrc, Kubernetes configs, Vault tokens, and Terraform credentials
  • Source code grep-scanned against 30+ regex patterns targeting API keys, JWTs, database connection strings, PEM keys, and cloud tokens
  • GitHub Actions OIDC tokens enabling direct cloud identity impersonation

The attack’s most critical downstream impact targeted Tiledesk, an open-source live chat platform. The attacker compromised the GitHub repository and replaced the legitimate Docker build workflow with the Optimize-Build backdoor via commit acac5a9.

The maintainer, unaware that the repository was poisoned, subsequently published @tiledesk/tiledesk-server versions 2.18.6 through 2.18.12 to npm, propagating the backdoor to the package registry. Application code remained untouched; only the workflow file changed.

Indicators of Compromise (IoC)

Indicator               Value
C2 Server               hxxp://216[.]126[.]225[.]129:8443
Campaign ID             megalodon
Author Emails           build-system@noreply[.]dev, ci-bot@automated[.]dev
Author Names            build-bot, auto-ci, ci-bot, pipeline-bot
Mass Workflow           .github/workflows/ci.yml (SysDiag)
Targeted Workflow       Optimize-Build (workflow_dispatch)
Affected npm Versions   @tiledesk/tiledesk-server 2.18.6–2.18.12
Malicious Commit        acac5a9854650c4ae2883c4740bf87d34120c038

Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
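The author-identity and commit-message indicators above, together with the campaign window reported earlier in the article, can be turned into a quick triage pass over a repository's history. The script below is an added example written for this page, not SafeDep's tooling or anything published by the campaign's researchers. It reads the tab-separated output of `git log --all --date=iso-strict --format='%H%x09%an%x09%ae%x09%ad%x09%s'`, keeps the indicators defanged in the source and re-fangs them only in memory for matching, and grades each hit. The sample log lines, their hashes, and the two human authors are constructed for the demonstration.

```python
"""Triage git history against the Megalodon author and commit-message IoCs.

Added example, not SafeDep's or HackersRadar's tooling. Input format is the
output of:
    git log --all --date=iso-strict --format='%H%x09%an%x09%ae%x09%ad%x09%s'
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# IoCs from the article, stored defanged; re-fanged only in memory for matching.
IOC_AUTHOR_EMAILS = ("build-system@noreply[.]dev", "ci-bot@automated[.]dev")
IOC_AUTHOR_NAMES = ("build-bot", "auto-ci", "ci-bot", "pipeline-bot")
IOC_COMMIT_MESSAGES = ("ci: add build optimization step", "chore: optimize pipeline runtime")

# Campaign window reported by SafeDep: May 18, 2026, 11:36 to 17:48 UTC.
WINDOW_START = datetime(2026, 5, 18, 11, 36, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 18, 17, 48, tzinfo=timezone.utc)


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]') back into its matchable form."""
    return indicator.replace("[.]", ".")


@dataclass
class Commit:
    sha: str
    author_name: str
    author_email: str
    when: datetime
    subject: str


@dataclass
class Finding:
    commit: Commit
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        # A throwaway campaign email is the strongest single indicator.
        if "ioc-author-email" in self.reasons:
            return "confirmed"
        if "in-campaign-window" in self.reasons:
            return "likely"
        return "suspicious"


def parse_log_line(line: str) -> Commit:
    """Split one tab-separated git log line into a Commit (timestamps normalised to UTC)."""
    sha, name, email, date, subject = line.rstrip("\n").split("\t", 4)
    when = datetime.fromisoformat(date)
    if when.tzinfo is None:  # defensive: log produced without a zone offset
        when = when.replace(tzinfo=timezone.utc)
    return Commit(sha, name, email, when.astimezone(timezone.utc), subject)


def match_commit(commit: Commit) -> list:
    """Return the list of indicator names this commit matches (empty if none)."""
    reasons = []
    if commit.author_email.lower() in {refang(e) for e in IOC_AUTHOR_EMAILS}:
        reasons.append("ioc-author-email")
    if commit.author_name.lower() in IOC_AUTHOR_NAMES:
        reasons.append("ioc-author-name")
    if commit.subject.strip().lower() in IOC_COMMIT_MESSAGES:
        reasons.append("ioc-commit-message")
    # The time window alone is not evidence; it only raises the verdict of a matched commit.
    if reasons and WINDOW_START <= commit.when <= WINDOW_END:
        reasons.append("in-campaign-window")
    return reasons


def triage(log_lines) -> list:
    """Run every log line through the matcher and keep only the hits."""
    findings = []
    for line in log_lines:
        if not line.strip():
            continue
        commit = parse_log_line(line)
        reasons = match_commit(commit)
        if reasons:
            findings.append(Finding(commit, reasons))
    return findings


# Constructed sample log: the hashes and the two human authors are made up.
SAMPLE_LOG = [
    "a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1\tbuild-bot\tbuild-system@noreply.dev\t2026-05-18T12:03:11+00:00\tci: add build optimization step",
    "b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2b2\tAlice Dev\talice@example.com\t2026-05-17T09:15:00+00:00\tfix: handle empty message body",
    "c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3c3\tci-bot\tci-bot@automated.dev\t2026-05-20T08:00:00+00:00\tchore: optimize pipeline runtime",
    "d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4d4\tBob Dev\tbob@example.com\t2026-05-18T13:00:00+00:00\tchore: optimize pipeline runtime",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:10} {f.commit.sha[:8]} {f.commit.author_email:26} {', '.join(f.reasons)}")
```

A commit that only matches one of the two commit subjects (the fourth sample line) is graded "likely" rather than "confirmed" because the subjects are plausible for a legitimate maintainer; the grading exists so the email hits get reverted and rotated first, while name-only or subject-only hits get a human look at the workflow files they touched.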

Mitigations

Organizations should act immediately if any repository receives a commit from build-system@noreply[.]dev or ci-bot@automated[.]dev on May 18, 2026:

  1. Revert the malicious commit and audit all .github/workflows/ files
  2. Rotate all secrets accessible to GitHub Actions runners — tokens, API keys, SSH keys, cloud credentials
  3. Audit cloud logs for anomalous OIDC token requests from unknown workflow runs
  4. Check the Actions tab for unexpected workflow_dispatch executions
  5. Pin GitHub Actions to specific commit SHAs rather than mutable version tags
  6. Implement workflow approval gates for pull requests from external contributors
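Steps 1, 4, 5 and 6 above all come down to reading the workflow files with the two variants in mind: a pull_request_target or workflow_dispatch trigger, an id-token: write grant, a step that decodes base64 straight into a shell, and actions referenced by mutable tags instead of commit SHAs. The auditor below is an added example written for this page, not SafeDep's Malysis engine or any GitHub tooling. It is deliberately line-based so it needs no YAML library, and it is run here against two constructed workflows: one shaped like the SysDiag variant described above (the base64 string is a placeholder, not a payload) and a hardened one whose pinned SHA is an all-zero placeholder.

```python
"""Audit GitHub Actions workflow files for the Megalodon workflow patterns.

Added example; not SafeDep's Malysis or any project's own tooling.
Line-based on purpose so it runs without a YAML parser.
"""
import re
from pathlib import Path

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^\s@#]+)@([^\s#]+)")
ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b")
# A base64 decode piped into a shell, or eval over base64 output, inside a run step.
DECODE_AND_RUN = re.compile(r"base64\s+(-d|--decode)\b[^|]*\|\s*(ba)?sh\b|\beval\b.*base64")
# workflow_dispatch is legitimate on its own, so it is graded for review, not as high.
TRIGGERS = {"pull_request_target": "high", "workflow_dispatch": "review"}


def audit_workflow(text: str) -> list:
    """Return one finding dict per suspicious line in a workflow file."""
    findings = []
    lines = text.splitlines()
    # Triggers live in the 'on:' block, which precedes 'jobs:' in practice.
    jobs_at = next((i for i, l in enumerate(lines) if l.strip().startswith("jobs:")), len(lines))
    for i, line in enumerate(lines, 1):
        if i <= jobs_at:
            for trig, sev in TRIGGERS.items():
                if re.search(rf"\b{trig}\b", line):
                    findings.append({"check": f"trigger:{trig}", "severity": sev, "line": i})
        if ID_TOKEN_WRITE.match(line):
            findings.append({"check": "permissions:id-token-write", "severity": "high", "line": i})
        if DECODE_AND_RUN.search(line):
            findings.append({"check": "step:decode-and-execute", "severity": "critical", "line": i})
        m = USES.match(line)
        if m and not m.group(1).startswith(("./", "docker://")) and not SHA_PIN.match(m.group(2)):
            findings.append({"check": "uses:unpinned", "severity": "medium", "line": i,
                             "ref": f"{m.group(1)}@{m.group(2)}"})
    return findings


def needs_review(findings: list) -> bool:
    """True when any finding is high or critical: treat the workflow as a likely backdoor."""
    return any(f["severity"] in ("high", "critical") for f in findings)


def audit_repo(repo: Path) -> dict:
    """Audit every workflow under .github/workflows of a checked-out repository."""
    results = {}
    for path in sorted(repo.glob(".github/workflows/*.y*ml")):
        results[str(path)] = audit_workflow(path.read_text(encoding="utf-8"))
    return results


# Constructed workflow resembling the SysDiag variant; the base64 string is a placeholder.
SUSPECT_WORKFLOW = """\
name: CI
on: [push, pull_request_target]
permissions:
  id-token: write
  actions: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build optimization step
        run: echo "PLACEHOLDER_BASE64" | base64 -d | bash
"""

# Constructed hardened workflow; the 40-zero SHA is a placeholder for a real pinned commit.
HARDENED_WORKFLOW = """\
name: CI
on: [push, pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000  # placeholder SHA
      - run: npm ci && npm test
"""

if __name__ == "__main__":
    for label, text in (("suspect", SUSPECT_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        hits = audit_workflow(text)
        print(f"{label}: review={needs_review(hits)}")
        for h in hits:
            print(f"  line {h['line']:>3} {h['severity']:<8} {h['check']}")
```

Run audit_repo against a clone to cover step 1 in bulk; the "uses:unpinned" findings are the to-do list for step 5, and any "trigger:workflow_dispatch" hit on a workflow that never used to have one is the Optimize-Build signature to cross-check against the Actions tab in step 4.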

SafeDep’s Malysis engine first flagged the campaign after detecting the base64-encoded payload inside a bundled workflow file in @tiledesk/[email protected] — underscoring the value of automated supply chain scanning tools in catching attacks that bypass traditional code review.
