
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
Rob Wright, Senior News Director, Dark Reading
May 26, 2026

Thousands of GitHub repositories were poisoned with credential-stealing malware in the latest threat campaign to rock the beleaguered software supply chain.

In a May 21 blog post, cybersecurity startup SafeDep flagged an automated malware campaign, codenamed "Megalodon," that unfolded on May 18 in a six-hour window.
In that brief amount of time, Megalodon managed to push 5,718 malicious commits to 5,561 GitHub repositories.

According to SafeDep, a threat actor used dummy accounts and forged author identities to inject GitHub Actions workflows with malicious payloads that exfiltrate CI/CD secrets, cloud credentials, SSH keys, OpenID Connect tokens, and source code secrets to a command-and-control (C2) server. The Megalodon campaign follows a series of attacks this year that have seemingly spread at a rapid pace and upended the software supply chain.

Supply Chain Shark Hunts for Secrets

Megalodon is composed of two payloads, according to SafeDep. The primary payload adds a malicious YAML file named "SysDiag" that adds a new workflow whenever a push or pull request is made. The more targeted, secondary payload replaces existing workflows with a "workflow-dispatch" trigger that acts as a stealth backdoor: it evades detection and doesn't generate visible CI runs until activated.

"This makes the backdoor dormant. It creates no visible runs in the Actions tab, no failed builds, no red flags in CI history," the company stated in its blog, adding that an attacker can activate the backdoor through a GitHub API.

SafeDep first spotted Megalodon when the company's Malysis engine detected malicious activity in a bundled GitHub Actions workflow file for an npm package, @tiledesk/[email protected], part of the open source chatbot platform Tiledesk. It turned out that Tiledesk had nine repositories that were backdoored, and the maintainers unknowingly published poisoned code to downstream users, inadvertently spreading Megalodon infections.

It's unclear why the campaign lasted only six hours.
Abhisek Datta, security engineer at SafeDep, tells Dark Reading that the research team didn't observe any time-limiting behavior in its analysis of Megalodon.

"Our hypothesis is that the campaign leveraged valid credentials to infect the repositories," Datta says. "The credentials were likely obtained through earlier supply chain attacks targeting developers. The attackers most likely used all the credentials on their list during this time window."

OX Security published additional research last week on Megalodon, confirming that approximately 3,500 GitHub repositories were carrying the malicious YAML file.

"The number of infected repos actually decreased slightly since last week — from around 3,500 to around 2,900 — but that means nearly 83% remain infected more than a week after the attack," Moshe Siman Tov Bustan, security researcher at OX and author of the blog post, tells Dark Reading. "The attack window itself was closed after roughly six hours, but GitHub has yet to fully clean up the affected repositories."

Megalodon Connection to TeamPCP?

The Megalodon campaign follows several high-profile supply chain attacks, many of which were the work of an emerging threat group known as TeamPCP. Megalodon's infections occurred a day before TeamPCP claimed responsibility for a massive breach at GitHub in which attackers stole code from approximately 4,000 internal repositories.

Could Megalodon be the work of TeamPCP? Siman Tov Bustan noted in his blog post that Megalodon-infected commits all feature a hardcoded date of Sept. 17, 2001, and fake bot identities, [email protected] or [email protected]. This, he wrote, is similar to the behavior observed in TeamPCP's self-leaked source code for the Shai-Hulud worm.

But Siman Tov Bustan says those are "surface-level similarities" and that there are currently no direct links, identifying indicators of compromise (IOCs), or claims of responsibility tying TeamPCP to Megalodon.
"One indicator that could establish attribution would be the use of the same public key for encrypting stolen data across attacks; since only the group itself could decrypt it, that would be a meaningful signal," he says. "For now, the connection remains unconfirmed."

Datta agrees, saying there's no correlation of technical indicators, and that the payload and tactics, techniques, and procedures (TTPs) look different. "However, given our earlier hypothesis of leveraging stolen credentials in the [Megalodon] campaign, I would not completely rule out collaboration between TeamPCP and related groups sharing access."

A collaboration with another cybercriminal outfit wouldn't be out of character for TeamPCP, which earlier this year formed an official alliance with Vect, an emerging ransomware gang. But at this stage, it's unclear who the attackers are and what their ultimate goal may be.

In the meantime, OX Security urged organizations to block any connections to Megalodon's C2 server; audit their GitHub repos for the malware, GitHub Actions, and malicious YAML files; and, if suspicious activity is detected, revoke and rotate all credentials, SSH keys, API keys, and other secrets.
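The two workflow patterns described above (a workflow file named "SysDiag" that fires on push or pull request, and existing workflows rewritten to a dormant, workflow_dispatch-only trigger) and the commit indicator OX pointed to (an author date hardcoded to Sept. 17, 2001) are all things a repository owner can check for in a local checkout, in the spirit of the audit OX recommends. The script below is an added example written for this page; it is not SafeDep's Malysis engine or OX Security's tooling. It assumes workflow files are read from .github/workflows/ and that commit metadata comes from `git log --format='%H|%an|%ae|%ad' --date=short`; the workflow contents, commit hashes and bot addresses embedded in it are constructed sample data, and the trigger reader is a deliberately minimal line-based parser rather than a full YAML parser.

```python
"""Repository audit helper for the Megalodon workflow and commit indicators
described in the article. Added example; not SafeDep's or OX Security's code.
Assumptions: workflows live under .github/workflows/ and commit metadata is
produced by `git log --format='%H|%an|%ae|%ad' --date=short`."""
import re
from typing import Dict, List

# Indicators taken from the article: a workflow called "SysDiag" and commits
# whose author date is hardcoded to Sept. 17, 2001.
SUSPICIOUS_WORKFLOW_NAMES = {"sysdiag"}
HARDCODED_AUTHOR_DATE = "2001-09-17"

# Unindented top-level `on:` key (some tools quote it because of YAML's on->true quirk).
_ON_KEY = re.compile(r'^(?:on|"on"|\'on\'):\s*(.*?)\s*(?:#.*)?$')


def _unquote(token: str) -> str:
    return token.strip().strip("\"'")


def extract_triggers(workflow_text: str) -> List[str]:
    """Return the event names declared under the top-level `on:` key.

    Minimal line-based reader (assumption: plainly written workflows) that handles
    `on: push`, `on: [push, pull_request]`, and the block mapping/sequence forms.
    It is not a full YAML parser."""
    lines = workflow_text.splitlines()
    for i, raw in enumerate(lines):
        m = _ON_KEY.match(raw)  # anchored at column 0, so nested keys never match
        if not m:
            continue
        rest = m.group(1)
        if rest.startswith("["):  # flow sequence on one line
            return [_unquote(t) for t in rest.strip("[]").split(",") if t.strip()]
        if rest:  # single scalar event
            return [_unquote(rest)]
        # Block form: collect the direct children (same indent as the first child).
        triggers: List[str] = []
        child_indent = None
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            indent = len(nxt) - len(nxt.lstrip())
            if indent == 0:
                break  # next top-level key ends the `on:` block
            if child_indent is None:
                child_indent = indent
            if indent != child_indent:
                continue  # nested filters such as `branches:` are not events
            item = nxt.strip()
            triggers.append(_unquote(item[2:] if item.startswith("- ") else item.split(":", 1)[0]))
        return triggers
    return []


def audit_workflow(path: str, workflow_text: str) -> List[str]:
    """Flag one workflow file. Findings are review prompts, not verdicts."""
    findings: List[str] = []
    stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    name_match = re.search(r"^name:\s*(.+?)\s*$", workflow_text, re.MULTILINE)
    declared = _unquote(name_match.group(1)) if name_match else ""
    if stem.lower() in SUSPICIOUS_WORKFLOW_NAMES or declared.lower() in SUSPICIOUS_WORKFLOW_NAMES:
        findings.append(f"{path}: workflow name matches known Megalodon indicator")
    triggers = extract_triggers(workflow_text)
    if triggers and set(triggers) == {"workflow_dispatch"}:
        findings.append(f"{path}: only trigger is workflow_dispatch (dormant until started "
                        "via API or UI); review its steps and the commit that introduced it")
    return findings


def audit_commits(git_log: str) -> List[str]:
    """Flag commits whose author date is the hardcoded Megalodon date."""
    findings: List[str] = []
    for line in git_log.splitlines():
        if not line.strip():
            continue
        sha, author, email, date = line.split("|", 3)
        if date.strip() == HARDCODED_AUTHOR_DATE:
            findings.append(f"commit {sha[:12]} by {author} <{email}>: author date hardcoded to {date}")
    return findings


def run_audit(workflows: Dict[str, str], git_log: str) -> List[str]:
    findings: List[str] = []
    for path, text in workflows.items():
        findings.extend(audit_workflow(path, text))
    findings.extend(audit_commits(git_log))
    return findings


# Constructed sample data (not real repositories, commits or addresses).
SAMPLE_WORKFLOWS: Dict[str, str] = {
    ".github/workflows/ci.yml": (
        "name: CI\non:\n  push:\n    branches: [main]\n  pull_request:\n"
        "jobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n"
        "      - uses: actions/checkout@v4\n      - run: npm test\n"),
    ".github/workflows/SysDiag.yml": (
        "name: SysDiag\non: [push, pull_request]\njobs:\n  diag:\n"
        "    runs-on: ubuntu-latest\n    steps:\n      - run: echo placeholder\n"),
    ".github/workflows/release.yml": (
        "name: Release\non:\n  workflow_dispatch:\njobs:\n  publish:\n"
        "    runs-on: ubuntu-latest\n    steps:\n      - run: echo publish\n"),
}
SAMPLE_GIT_LOG = (
    "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678|Jane Dev|jane@example.invalid|2026-05-18\n"
    "0f1e2d3c4b5a69788796a5b4c3d2e1f0fedcba98|sysdiag-bot|bot@example.invalid|2001-09-17\n")

if __name__ == "__main__":
    for finding in run_audit(SAMPLE_WORKFLOWS, SAMPLE_GIT_LOG):
        print("FLAG:", finding)
```

A workflow_dispatch-only trigger is also how legitimate manual jobs are written, so that finding is a prompt to read the workflow's steps and the commit that introduced it, not evidence of compromise on its own; the hardcoded 2001 date and a workflow name matching the reported indicator are the stronger signals. To run it against a real checkout, load each file under .github/workflows/ into the dictionary and feed the output of the git log format named above to audit_commits.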
📰Originally published at darkreading.com