Thousands of GitHub repositories were poisoned with credential-stealing malware in the latest threat campaign to rock the beleaguered software supply chain.
In a May 21 blog post, cybersecurity startup SafeDep flagged an automated malware campaign, codenamed “Megalodon,” that unfolded on May 18 in a six-hour window. In that brief amount of time, Megalodon managed to push 5,718 malicious commits to 5,561 GitHub repositories.
According to SafeDep, a threat actor used dummy accounts and forged author identities to inject GitHub Actions workflows with malicious payloads that exfiltrate CI/CD secrets, cloud credentials, SSH keys, OpenID Connect tokens, and source code secrets to a command-and-control (C2) server.
The Megalodon campaign follows a series of attacks this year that have seemingly spread at a rapid pace and upended the software supply chain.
Supply Chain Shark Hunts for Secrets
Megalodon is composed of two payloads, according to SafeDep. The primary payload adds a malicious workflow YAML file named “SysDiag” that runs whenever a push or pull request is made. The more targeted secondary payload replaces existing workflows with a “workflow_dispatch” trigger that acts as a stealth backdoor: it evades detection and generates no visible CI runs until activated.
“This makes the backdoor dormant. It creates no visible runs in the Actions tab, no failed builds, no red flags in CI history,” the company stated in its blog, adding that an attacker can activate the backdoor through a GitHub API.
SafeDep first spotted Megalodon when the company’s Malysis engine detected malicious activity in a bundled GitHub Actions workflow file for an npm package, @tiledesk/[email protected], part of the open source chatbot platform Tiledesk. It turned out that Tiledesk had nine repositories that were backdoored, and the maintainers unknowingly published poisoned code to downstream users, inadvertently spreading Megalodon infections.
It’s unclear why the campaign lasted only six hours. Abhisek Datta, security engineer at SafeDep, tells Dark Reading that the research team didn’t observe any time limitation behavior in the analysis of Megalodon.
“Our hypothesis is that the campaign leveraged valid credentials to infect the repositories,” Datta says. “The credentials were likely obtained through earlier supply chain attacks targeting developers. The attackers most likely used all the credentials on their list during this time window.”
OX Security published additional research last week on Megalodon, confirming that approximately 3,500 GitHub repositories were carrying the malicious YAML file.
“The number of infected repos actually decreased slightly since last week — from around 3,500 to around 2,900 — but that means nearly 83% remain infected more than a week after the attack,” Moshe Siman Tov Bustan, security researcher at OX and author of the blog post, tells Dark Reading. “The attack window itself was closed after roughly six hours, but GitHub has yet to fully clean up the affected repositories.”
Megalodon Connection to TeamPCP?
The Megalodon campaign follows several high-profile supply chain attacks, many of which were the work of an emerging threat group known as TeamPCP. Megalodon’s infections occurred a day before TeamPCP claimed responsibility for a massive breach at GitHub in which attackers stole code from approximately 4,000 internal repositories.
Could Megalodon be the work of TeamPCP? Siman Tov Bustan noted in his blog post that Megalodon-infected commits all feature a hardcoded date of Sept. 17, 2001, and fake bot identities, [email protected] or [email protected]. This, he wrote, is similar to the behavior observed in TeamPCP’s self-leaked source code for the Shai-Hulud worm.
But Siman Tov Bustan says those are “surface-level similarities” and that there are currently no direct links, identifying indicators of compromise (IOCs), or claims of responsibility tying TeamPCP to Megalodon. “One indicator that could establish attribution would be the use of the same public key for encrypting stolen data across attacks, since only the group itself could decrypt it, that would be a meaningful signal,” he says. “For now, the connection remains unconfirmed.”
Datta agrees, saying there’s no correlation of technical indicators, and that the payload and the tactics, techniques, and procedures (TTPs) look different. “However, given our earlier hypothesis of leveraging stolen credentials in the [Megalodon] campaign, I would not completely rule out collaboration between TeamPCP and related groups sharing access.”
A collaboration with another cybercriminal outfit wouldn’t be out of character for TeamPCP, which earlier this year formed an official alliance with Vect, an emerging ransomware gang. But at this stage, it’s unclear who the attackers are, and what their ultimate goal may be.
In the meantime, OX Security urged organizations to block any connections to Megalodon’s C2 server; audit their GitHub repos for the malware, GitHub Actions workflows, and malicious YAML files; and, if suspicious activity is detected, revoke and rotate all credentials, SSH keys, API keys, and other secrets.
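The audit OX Security recommends can be started with a small script built from the indicators the article gives for the two payloads: a workflow file named “SysDiag”, existing workflows rewritten so that their only trigger is `workflow_dispatch` (the dormant backdoor that produces no CI runs until dispatched), and commits carrying the hardcoded author date of Sept. 17, 2001. The example below is added here and is not SafeDep’s or OX Security’s tooling; the sample workflow files and git-log lines are constructed, the hypothetical `ci-bot@example.invalid` address stands in for the fake bot identities the page does not reproduce, and the trigger parser is a deliberately dependency-free line parser rather than a full YAML parser.

```python
"""Audit GitHub Actions workflows and commit metadata for the Megalodon
indicators described in the article. Added example, not SafeDep/OX code."""
import re
from datetime import date

# Indicators taken from the article. Everything else in this file is constructed.
SUSPICIOUS_FILE_NAMES = {"sysdiag"}        # primary payload's workflow file name
BACKDOOR_TRIGGER = "workflow_dispatch"     # secondary payload's only trigger
HARDCODED_COMMIT_DATE = date(2001, 9, 17)  # author date on infected commits

_ON_KEY = re.compile(r'^(["\']?)on\1:\s*(.*?)\s*$')


def parse_triggers(workflow_text: str) -> list[str]:
    """Return the event names under a workflow's top-level `on:` key.

    Handles `on: push`, `on: [push, pull_request]`, and the block forms
    (nested mapping or `- item` list). A real audit would use a YAML parser;
    this avoids the dependency so the example runs anywhere.
    """
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = _ON_KEY.match(line)
        if not m:
            continue
        inline = m.group(2).split("#", 1)[0].strip()
        if inline:  # scalar or flow-style list on the same line
            return [t.strip().strip("'\"") for t in inline.strip("[]").split(",") if t.strip()]
        triggers, block_indent = [], None
        for nxt in lines[i + 1:]:
            stripped = nxt.strip()
            if not stripped or stripped.startswith("#"):
                continue
            indent = len(nxt) - len(nxt.lstrip())
            if indent == 0:  # next top-level key ends the `on:` block
                break
            if block_indent is None:
                block_indent = indent
            if indent == block_indent:  # keys/items at the first nesting level
                item = stripped.lstrip("- ").split(":", 1)[0]
                triggers.append(item.strip().strip("'\""))
        return triggers
    return []


def audit_workflow(path: str, workflow_text: str) -> list[str]:
    """Return the indicator names that fire for one workflow file."""
    findings = []
    stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    if stem in SUSPICIOUS_FILE_NAMES:
        findings.append("suspicious-file-name")
    triggers = parse_triggers(workflow_text)
    if triggers and set(triggers) == {BACKDOOR_TRIGGER}:
        # Dormant until dispatched through the API: no runs, no failed builds.
        findings.append("dispatch-only-trigger")
    return findings


_LOG_LINE = re.compile(r"^(?P<sha>[0-9a-f]{7,40})\|(?P<email>[^|]*)\|(?P<date>\d{4}-\d{2}-\d{2})$")


def flag_commits(git_log: str) -> list[str]:
    """Return SHAs whose author date is the hardcoded Megalodon date.

    Expects lines from: git log --format='%h|%ae|%ad' --date=short
    """
    flagged = []
    for line in git_log.splitlines():
        m = _LOG_LINE.match(line.strip())
        if m and date.fromisoformat(m.group("date")) == HARDCODED_COMMIT_DATE:
            flagged.append(m.group("sha"))
    return flagged


# Constructed sample repository state (not from any real repository).
SAMPLE_WORKFLOWS = {
    ".github/workflows/ci.yml": "name: CI\non: [push, pull_request]\njobs:\n  build:\n"
                                "    runs-on: ubuntu-latest\n    steps:\n      - run: make test\n",
    ".github/workflows/SysDiag.yml": "name: SysDiag\non:\n  push:\n  pull_request:\njobs:\n"
                                     "  diag:\n    runs-on: ubuntu-latest\n    steps:\n      - run: echo hi\n",
    ".github/workflows/release.yml": "name: Release\non:\n  workflow_dispatch:\njobs:\n  rel:\n"
                                     "    runs-on: ubuntu-latest\n    steps:\n      - run: make release\n",
}
SAMPLE_GIT_LOG = "a1b2c3d|dev@example.com|2026-05-18\nd4e5f6a|ci-bot@example.invalid|2001-09-17\n"


def audit_repository(workflows: dict[str, str], git_log: str) -> dict:
    """Combine both checks into one review queue for a repository."""
    hits = {p: audit_workflow(p, t) for p, t in workflows.items()}
    return {"workflows": {p: f for p, f in hits.items() if f},
            "commits": flag_commits(git_log)}


if __name__ == "__main__":
    for path, findings in audit_repository(SAMPLE_WORKFLOWS, SAMPLE_GIT_LOG)["workflows"].items():
        print(path, findings)
    print("commits:", flag_commits(SAMPLE_GIT_LOG))
```

The output is a review queue, not a verdict: dispatch-only workflows are a legitimate pattern for manual release jobs, so each hit should be compared against the workflow's history (who changed the trigger, and in which commit) before rotating secrets.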