LmCast :: Stay tuned in

Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos

Recorded: May 26, 2026, 9:04 p.m.

Original

In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.

Rob Wright, Senior News Director, Dark Reading
May 26, 2026
4 Min Read

Thousands of GitHub repositories were poisoned with credential-stealing malware in the latest threat campaign to rock the beleaguered software supply chain.

In a May 21 blog post, cybersecurity startup SafeDep flagged an automated malware campaign, codenamed "Megalodon," that unfolded on May 18 in a six-hour window. In that brief amount of time, Megalodon managed to push 5,718 malicious commits to 5,561 GitHub repositories.

According to SafeDep, a threat actor used dummy accounts and forged author identities to inject GitHub Actions workflows with malicious payloads that exfiltrate CI/CD secrets, cloud credentials, SSH keys, OpenID Connect tokens, and source code secrets to a command-and-control (C2) server. The Megalodon campaign follows a series of attacks this year that have seemingly spread at a rapid pace and upended the software supply chain.

Supply Chain Shark Hunts for Secrets

Megalodon is composed of two payloads, according to SafeDep. The primary payload adds a malicious YAML file named "SysDiag" that registers a new workflow, triggered whenever a push or pull request is made. The more targeted secondary payload replaces existing workflows with a "workflow-dispatch" trigger that acts as a stealth backdoor: it evades detection and generates no visible CI runs until it is activated.

"This makes the backdoor dormant. It creates no visible runs in the Actions tab, no failed builds, no red flags in CI history," the company stated in its blog, adding that an attacker can activate the backdoor through the GitHub API.

SafeDep first spotted Megalodon when the company's Malysis engine detected malicious activity in a bundled GitHub Actions workflow file for an npm package, @tiledesk/[email protected], part of the open source chatbot platform Tiledesk.
It turned out that Tiledesk had nine repositories that were backdoored, and the maintainers unknowingly published poisoned code to downstream users, inadvertently spreading Megalodon infections.

It's unclear why the campaign lasted only six hours. Abhisek Datta, security engineer at SafeDep, tells Dark Reading that the research team didn't observe any time-limitation behavior in its analysis of Megalodon.

"Our hypothesis is that the campaign leveraged valid credentials to infect the repositories," Datta says. "The credentials were likely obtained through earlier supply chain attacks targeting developers. The attackers most likely used all the credentials on their list during this time window."

OX Security published additional research last week on Megalodon, confirming that approximately 3,500 GitHub repositories were carrying the malicious YAML file.

"The number of infected repos actually decreased slightly since last week — from around 3,500 to around 2,900 — but that means nearly 83% remain infected more than a week after the attack," Moshe Siman Tov Bustan, security researcher at OX and author of the blog post, tells Dark Reading. "The attack window itself was closed after roughly six hours, but GitHub has yet to fully clean up the affected repositories."

Megalodon Connection to TeamPCP?

The Megalodon campaign follows several high-profile supply chain attacks, many of which were the work of an emerging threat group known as TeamPCP. Megalodon's infections occurred a day before TeamPCP claimed responsibility for a massive breach at GitHub in which attackers stole code from approximately 4,000 internal repositories.

Could Megalodon be the work of TeamPCP? Siman Tov Bustan noted in his blog post that Megalodon-infected commits all feature a hardcoded date of Sept. 17, 2001, and fake bot identities, [email protected] or [email protected]. This, he wrote, is similar to the behavior observed in TeamPCP's self-leaked source code for the Shai-Hulud worm.

But Siman Tov Bustan says those are "surface-level similarities" and that there are currently no direct links, identifying indicators of compromise (IOCs), or claims of responsibility tying TeamPCP to Megalodon. "One indicator that could establish attribution would be the use of the same public key for encrypting stolen data across attacks, since only the group itself could decrypt it, that would be a meaningful signal," he says. "For now, the connection remains unconfirmed."

Datta agrees, saying there's no correlation of technical indicators, and that the payload and tactics, techniques, and procedures (TTPs) look different. "However, given our earlier hypothesis of leveraging stolen credentials in the [Megalodon] campaign, I would not completely rule out collaboration between TeamPCP and related groups sharing access."

A collaboration with another cybercriminal outfit wouldn't be out of character for TeamPCP, which earlier this year formed an official alliance with Vect, an emerging ransomware gang. But at this stage, it's unclear who the attackers are and what their ultimate goal may be.

In the meantime, OX Security urged organizations to block any connections to Megalodon's C2 server; audit their GitHub repos for the malware, GitHub Actions, and malicious YAML files; and, if suspicious activity is detected, revoke and rotate all credentials, SSH keys, API keys, and other secrets.
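The audit OX Security recommends can start from the indicators the article itself gives: the "SysDiag" workflow file, existing workflows rewritten so that their only trigger is workflow_dispatch, and commits carrying the hardcoded Sept. 17, 2001 author date. The script below is an added example written for this page, not SafeDep's or OX Security's tooling; its trigger extractor, function names, and the sample workflows and log lines are constructed for illustration.

```python
import re

# Indicators the article describes: a "SysDiag" workflow file, existing workflows rewritten
# to fire only on workflow_dispatch, and commits with a hardcoded 17 September 2001 date.
HARDCODED_DATE = "2001-09-17"

def workflow_triggers(text):
    """Return the event names under a workflow's top-level 'on:' key (scalar, flow list,
    block list or mapping). Hand-rolled so it needs no PyYAML, which would also parse
    the bare key 'on' as the boolean True, a classic pitfall for naive scanners."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^on:\s*(.*?)\s*(#.*)?$", line)
        if not m:
            continue
        if m.group(1):  # on: push   or   on: [push, pull_request]
            return {t.strip() for t in m.group(1).strip("[]").split(",") if t.strip()}
        triggers, indent = set(), None
        for nxt in lines[i + 1:]:
            if not nxt.strip() or nxt.lstrip().startswith("#"):
                continue
            cur = len(nxt) - len(nxt.lstrip())
            if cur == 0:
                break  # next top-level key ends the 'on' block
            indent = indent or cur
            if cur != indent:
                continue  # nested options such as 'branches: [main]'
            body = nxt.strip()
            triggers.add(body[2:].strip() if body.startswith("- ") else body.split(":")[0])
        return triggers
    return set()

def workflow_findings(path, text):
    """Heuristic findings for one workflow file. Dispatch-only workflows are also normal
    for manual deploy jobs, so treat that hit as a review item, not proof of compromise."""
    findings = []
    if "sysdiag" in path.rsplit("/", 1)[-1].lower():
        findings.append("sysdiag-name")
    if workflow_triggers(text) == {"workflow_dispatch"}:
        findings.append("dispatch-only")
    return findings

def suspicious_commits(log_text):
    """Flag commits in 'git log --format=%H|%an|%ae|%ad --date=short' output by date."""
    return [row.split("|")[0] for row in log_text.splitlines() if row.split("|")[-1] == HARDCODED_DATE]

# Constructed samples, not taken from the article or from any real repository.
SYSDIAG = "name: SysDiag\non:\n  push:\n  pull_request:\njobs: {}\n"
REPLACED_CI = "name: CI\non:\n  workflow_dispatch:\n    inputs: {}\njobs: {}\n"
LOG = "abc123|dev|dev@example.com|2026-05-18\ndef456|bot|bot@example.com|2001-09-17\n"
```

Run it over every file under .github/workflows/ and over the git log of each repository; the strongest signal is a workflow that used to run on push and now carries only workflow_dispatch, so compare the triggers against the previous commit's version of the file rather than judging the current file alone.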

Summarized

A malware campaign codenamed Megalodon significantly impacted the software supply chain by infecting thousands of GitHub repositories within a six-hour window, resulting in the theft of sensitive development secrets. This operation involved pushing malicious commits to more than 5,500 repositories, compromising credentials, developer secrets, cloud credentials, SSH keys, OpenID Connect tokens, and source code secrets, all of which were exfiltrated to a command-and-control server. The attack methodology involved threat actors utilizing dummy accounts and forged author identities to inject malicious payloads into GitHub Actions workflows.

SafeDep first detected this campaign when their Malysis engine identified malicious activity within a bundled GitHub Actions workflow file for the open source chatbot platform Tiledesk, revealing that nine repositories were compromised. The malware consisted of two components: the initial payload added a malicious YAML file named "SysDiag" that introduced a new workflow triggered by any push or pull request. A secondary, stealthier payload replaced existing workflows with a "workflow-dispatch" trigger, which functioned as a dormant backdoor that produced no visible CI runs until attackers activated it via the GitHub API.

The research team hypothesized that the campaign leveraged valid credentials obtained from prior supply chain attacks targeting developers, which would explain the brief six-hour window: the attackers likely worked through their entire list of stolen credentials in that time. Subsequent research by OX Security confirmed that approximately 3,500 repositories were carrying the malicious YAML file; the number of infected repositories later decreased slightly to around 2,900, meaning nearly 83 percent of the affected repositories remained compromised more than a week after the attack. Although the attack window has closed, GitHub has not fully cleaned up the affected repositories.

The Megalodon campaign bears some superficial resemblance to attacks attributed to the threat group TeamPCP, which previously claimed responsibility for a substantial breach at GitHub involving the theft of approximately 4,000 internal repositories. Researchers noted similarities, such as the use of hardcoded dates and fake bot identities in the commits, but found no direct technical indicators or confirmed attribution linking Megalodon to TeamPCP. Despite the lack of confirmed links, researchers do not entirely rule out collaboration between TeamPCP and related groups sharing access obtained through stolen credentials. Consequently, OX Security advised organizations to immediately block connections to Megalodon's C2 server, conduct thorough audits of their GitHub repositories for the malware, and promptly revoke and rotate all associated credentials, SSH keys, and other secrets.