Megalodon GitHub Malware Infects 5,500+ Repositories via Fake CI/CD Commits

Security researchers discovered a new automated attack campaign called Megalodon that has infected over 5,500 GitHub repositories by injecting malicious commits disguised as routine CI/CD automation. The malware targets developers’ cloud credentials, SSH keys, and DevOps secrets stored inside their continuous integration pipelines.

Megalodon GitHub Malware

SafeDep researchers published their findings on the campaign, and OX Security researcher Moshe Siman Tov Bustan confirmed the attack in a separate technical analysis. Both firms say the attack is ongoing, and the number of compromised repositories continues to rise.

What Is Megalodon?

Megalodon is a worm-like malware that spreads through GitHub repositories by submitting malicious commits from a fake bot identity. The attack impersonates a legitimate automated build process, which makes it easy to miss during a routine code review.

The campaign closely resembles TeamPCP, a threat actor that previously poisoned around 3,800 GitHub repositories in a separate supply chain attack. However, security researchers believe Megalodon is the work of a different actor who copied TeamPCP’s methods rather than an extension of that campaign.

How Megalodon Malware Spreads Through GitHub Repositories

The attacker pushes commits from two fake email addresses: [email protected] and [email protected]. Both use commit messages like “ci: add build optimization step” to blend in with normal CI activity. There is no linked GitHub account for either identity, and the attacker likely used a compromised Personal Access Token (PAT) or deploy key to push directly to the main branch without a pull request.

SafeDep traced all 5,561 malicious commits to a six-hour window on May 18, between 11:36 and 17:48 UTC. The two fake identities together submitted 5,719 commits across the affected repositories.

Once a repository owner merges the commit, the malicious YAML file activates inside their CI/CD pipeline. The malware then propagates to other repositories in a worm-like pattern.

Each commit also uses a hardcoded date of September 17, 2001, a tactic that mirrors TeamPCP’s leaked source code, where the fake commit date was set to January 2099.

What Megalodon Steals

Megalodon targets a wide range of developer secrets from the infected CI/CD environment:

  • AWS secret keys, access tokens, and instance role credentials
  • Google Cloud Platform access tokens and metadata credentials
  • Azure instance role credentials
  • SSH private keys
  • Docker and Kubernetes configurations
  • HashiCorp Vault tokens
  • Terraform credentials
  • npm and PyPI tokens
  • Slack API keys
  • GitHub Actions tokens and Bitbucket tokens
  • Bash history and local environment variables

The malware uses a Base64-encoded regex pattern with over 30 rules to scan source code for additional secrets. It then sends everything to a command-and-control (C2) server at 216[.]126[.]225[.]129 with “megalodon” as an identifier parameter, using a standard HTTP POST request.

The Tiledesk Incident: How End Users Got Hit

SafeDep spotted Megalodon hiding inside Tiledesk, an open-source live chat and chatbot platform hosted on GitHub. Versions 2.18.6 through 2.18.12, published to npm between May 19 and May 21, all carried the backdoor.

The Tiledesk maintainer unknowingly published the compromised versions because the attacker never touched the npm account directly. The attacker compromised the Tiledesk GitHub repository, and the maintainer published from the poisoned source without realizing it. The malicious commit (acac5a9) is visible in the Tiledesk server repository.

This scenario shows how a supply chain attack can reach end users without any direct compromise of the npm publishing account. The last clean version, 2.18.5, came from the same maintainer account, which makes the poisoned versions even harder to detect.

Beyond Tiledesk, SafeDep confirmed nine of its repositories were compromised, along with Black-Iron-Project (eight repos), WISE-Community, and hundreds of smaller repositories across the platform.

Megalodon vs. TeamPCP: Are They Connected?

TeamPCP, the group responsible for earlier GitHub and npm supply chain attacks, recently opened a “supply chain attack competition” on BreachForums and released its Shai-Hulud worm as open-source code. Researchers considered whether Megalodon was a contest entry.

OX Security ruled that out. The contest required participants to embed a public encryption key in their malware so TeamPCP could verify authorship with a matching private key. Megalodon does not include this key.

Bustan concluded: “Our best guess now is that it’s a different threat actor copying their behavior and style, but not much of the code itself.”

In other words, TeamPCP’s public activity appears to have directly inspired copycat campaigns, and Megalodon is likely the first of several.

How to Remove Megalodon Malware and Secure Your GitHub Repositories

If you maintain GitHub repositories with CI/CD pipelines, take these steps immediately.

1. Block the C2 server: Block all outbound connections to 216[.]126[.]225[.]129 at your firewall or network perimeter.

2. Audit your CI/CD YAML files: Search your repositories for the Base64 string Q0I9Imh0dHA6Ly8yMTYu. Any YAML file containing this string carries the infection. OX Security’s analysis includes a GitHub code search link for this pattern.

3. Rotate all credentials immediately: Revoke and reissue every secret, SSH key, API token, and cloud access key on any machine that ran the malicious pipeline. Treat all CI/CD variables on affected machines as fully compromised.

4. Review recent commits: Check for any commits authored by [email protected] or [email protected]. Neither address should appear in legitimate CI history.

5. Audit Personal Access Tokens and deploy keys: Review all active PATs and deploy keys on your GitHub organization. Revoke anything unused or unrecognized.

6. Check the compromised repository list: SafeDep published a full list of infected repositories. Verify whether any of your dependencies appear on that list.

A Broader Shift in Attack Strategy

Bustan described the current wave as the start of something larger: “We’ve entered a new supply chain attack era, and TeamPCP compromising GitHub was only the beginning. What’s coming next is an endless wave, a tsunami of cyber attacks on developers worldwide.”

Hacking GitHub does not just affect individual developers. Every company with a private repository on the platform faces exposure if a dependency or shared tool gets compromised.

This attack pattern is not new. The Notepad++ update system was hijacked in a months-long supply chain attack that exploited hosting infrastructure rather than the application itself. Attackers consistently use trusted developer workflows to move malware downstream to unsuspecting users.

npm responded to recent supply chain attacks by invalidating granular access tokens that bypass two-factor authentication. Bustan acknowledged that this step helps against account hijacking but does not stop malicious code from reaching npm’s servers in the first place.

Until GitHub and npm implement proactive code vetting before any package or commit reaches their infrastructure, campaigns like Megalodon will keep arriving.

Related Cybersecurity Guides

Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

    Leave a Reply