A sweeping automated supply chain attack codenamed “Megalodon” struck GitHub on May 18, 2026, injecting malicious CI/CD backdoors into more than 5,500 repositories in under six hours, making it one of the most aggressive GitHub Actions poisoning campaigns recorded to date.
SafeDep found that between roughly 11:36 and 17:48 UTC on May 18, 2026, the Megalodon campaign pushed 5,718 malicious commits to 5,561 GitHub repositories using throwaway accounts with randomized eight-character usernames.
The attacker forged the author identities build-bot, auto-ci, ci-bot and pipeline-bot, with the emails build-system@noreply[.]dev and ci-bot@automated[.]dev, mimicking routine automated CI maintenance.
Commit messages such as “ci: add build optimization step” and “chore: optimize pipeline runtime” were deliberately chosen to evade casual code review.
Megalodon Payload Variants
The campaign deployed two distinct GitHub Actions workflow variants sharing the same C2 server at 216[.]126[.]225[.]129:8443:
- SysDiag (Mass Variant): Added a new `.github/workflows/ci.yml` file triggered on every `push` and `pull_request_target`, guaranteeing automatic execution on any commit across all branches. Because `pull_request_target` runs in the context of the base repository, the job also had access to the repository's secrets.
- Optimize-Build (Targeted Variant): Replaced existing workflows with a `workflow_dispatch` trigger, creating a dormant backdoor that the attacker can silently activate on demand through the GitHub API, producing no visible CI runs and no failed builds until it is dispatched.
Both variants requested elevated permissions, `id-token: write` and `actions: read`, enabling theft of GitHub Actions OIDC tokens for cloud identity impersonation.
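As an added example (not SafeDep's tooling and not any file from the campaign), the Python script below triages raw workflow YAML for the combination of traits described above: a `pull_request_target` or `workflow_dispatch` trigger, `id-token: write`, and a base64 blob that is decoded and piped to a shell. It works on the raw text with the standard library only, so no YAML parser is needed. The three sample workflows and the encoded stand-in payload (a harmless script that merely names the same targets, such as `/proc/1/environ` and the IMDS address) are constructed for this example.

```python
import base64
import re
from typing import Dict, List

# Constructed stand-in for the harvesting script: harmless, never executed here,
# base64-encoded only so the scanner has something realistic to decode.
_FAKE_PAYLOAD = base64.b64encode(
    b"#!/bin/bash\n"
    b"# harmless stand-in for the harvesting script\n"
    b"env | base64 -w0\n"
    b"cat /proc/1/environ | base64 -w0\n"
    b"curl -s http://169.254.169.254/latest/api/token\n"
).decode()

# Constructed sample workflows (not the real Megalodon files).
SAMPLE_WORKFLOWS: Dict[str, str] = {
    # Ordinary workflow: push/pull_request triggers, no id-token, no encoded payload.
    "benign.yml": """
name: test
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
""",
    # SysDiag-style mass variant: fires on every push and pull_request_target,
    # asks for id-token: write, and runs a base64 blob through bash.
    "ci.yml": f"""
name: SysDiag
on:
  push:
  pull_request_target:
permissions:
  id-token: write
  actions: read
jobs:
  diag:
    runs-on: ubuntu-latest
    steps:
      - run: echo {_FAKE_PAYLOAD} | base64 -d | bash
""",
    # Optimize-Build-style targeted variant: dormant until manually dispatched.
    "docker.yml": f"""
name: Optimize-Build
on:
  workflow_dispatch:
permissions:
  id-token: write
  actions: read
jobs:
  optimize:
    runs-on: ubuntu-latest
    steps:
      - run: bash <(echo '{_FAKE_PAYLOAD}' | base64 --decode)
""",
}

RISKY_TRIGGERS = ("pull_request_target", "workflow_dispatch")
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{80,}={0,2}")
# Strings a decoded blob would contain if it harvests the same targets the payload did.
SHELL_MARKERS = ("/proc/", "environ", "169.254.169.254", "aws ", "gcloud ", "curl ")


def scan_workflow(text: str) -> List[str]:
    """Return findings for one workflow file's raw YAML text (empty list = nothing seen)."""
    findings: List[str] = []
    for trig in RISKY_TRIGGERS:
        # Matches both the block form ("  workflow_dispatch:") and the list form ("on: [..]").
        if re.search(rf"^\s*{trig}\s*:", text, re.M) or re.search(rf"on:\s*\[[^\]]*\b{trig}\b", text):
            findings.append(f"trigger:{trig}")
    if re.search(r"^\s*id-token\s*:\s*write\s*$", text, re.M):
        findings.append("permission:id-token-write")
    for blob in B64_BLOB.findall(text):
        try:
            decoded = base64.b64decode(blob, validate=True).decode("utf-8", "replace")
        except Exception:
            continue  # long token that is not valid base64 (e.g. a commit SHA or lockfile hash)
        if decoded.startswith("#!") or any(m in decoded for m in SHELL_MARKERS):
            findings.append("payload:base64-shell")
            break
    # "... | base64 -d | bash" or "bash <(... | base64 --decode)"
    if "base64" in text and re.search(r"\|\s*(ba)?sh\b|bash\s*<\(", text):
        findings.append("exec:base64-piped-to-shell")
    return findings


def triage(workflows: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan every workflow and keep only the files that produced at least one finding."""
    return {name: f for name, text in workflows.items() if (f := scan_workflow(text))}


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_WORKFLOWS).items():
        print(f"{name}: {', '.join(findings)}")
```

Feed it the contents of every file under `.github/workflows/` in the repositories you own. The regex triage is deliberately loose: `workflow_dispatch` alone is common in legitimate repositories, so treat a hit as a file to read, and treat the combination of a risky trigger, `id-token: write` and an encoded payload as the signal worth paging on.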
The base64-encoded bash payload, a 111-line script, performed aggressive, multi-phase credential harvesting once triggered:
- All CI environment variables, `/proc/*/environ`, and the environment of PID 1
- AWS credentials (access keys, secret keys, session tokens) across all configured profiles
- GCP access tokens via `gcloud auth print-access-token`
- Live credentials from the AWS IMDSv2, GCP metadata, and Azure IMDS endpoints
- SSH private keys, Docker auth configs, `.npmrc`, `.netrc`, Kubernetes configs, Vault tokens, and Terraform credentials
- Source code grep-scanned against 30+ regex patterns targeting API keys, JWTs, database connection strings, PEM keys, and cloud tokens
- GitHub Actions OIDC tokens, enabling direct cloud identity impersonation
The attack's most significant downstream impact hit Tiledesk, an open-source live chat platform. The attacker compromised the GitHub repository and replaced the legitimate Docker build workflow with the Optimize-Build backdoor in commit acac5a9.
The maintainer, unaware that the repository was poisoned, subsequently published @tiledesk/tiledesk-server versions 2.18.6 through 2.18.12 to npm, propagating the backdoor to the package registry. The application code remained untouched; only the workflow file changed.
Indicators of Compromise (IoC)
| Indicator | Value |
|---|---|
| C2 Server | hxxp://216[.]126[.]225[.]129:8443 |
| Campaign ID | megalodon |
| Author Emails | build-system@noreply[.]dev, ci-bot@automated[.]dev |
| Author Names | build-bot, auto-ci, ci-bot, pipeline-bot |
| Mass Workflow | .github/workflows/ci.yml (SysDiag) |
| Targeted Workflow | Optimize-Build (workflow_dispatch) |
| Affected npm Versions | @tiledesk/tiledesk-server 2.18.6–2.18.12 |
| Malicious Commit | acac5a9854650c4ae2883c4740bf87d34120c038 |
Indicators above are defanged (hxxp://, [.]) to prevent accidental resolution or hyperlinking. Re-fang them only inside managed threat intelligence platforms such as MISP, VirusTotal, or your SIEM.

Mitigations
Organizations should act immediately if any repository received a commit from build-system@noreply[.]dev or ci-bot@automated[.]dev on May 18, 2026:
- Revert the malicious commit and audit all files under `.github/workflows/`
- Rotate every secret reachable from GitHub Actions runners: tokens, API keys, SSH keys, cloud credentials
- Audit cloud logs for anomalous OIDC token exchanges originating from unknown workflow runs
- Check the Actions tab for unexpected `workflow_dispatch` executions
- Pin GitHub Actions to specific commit SHAs rather than mutable version tags
- Enforce workflow approval gates for pull requests from external contributors
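The repository-side checks from the list above, as an added example that is not SafeDep's or Tiledesk's code: parse `git log` output to find commits from the forged identities or any workflow change inside the campaign window, and list `uses:` references still pinned to mutable tags rather than commit SHAs. The log sample, its hashes, file paths and the `example.com` author are constructed for this example; the workflow snippet and the SHA in it are made up as well.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Forged author identities reported for the campaign.
FORGED_EMAILS = {"build-system@noreply.dev", "ci-bot@automated.dev"}
FORGED_NAMES = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}
# Reported activity window (UTC), widened slightly on both sides.
WINDOW_START, WINDOW_END = "2026-05-18 11:00:00", "2026-05-18 18:00:00"

# Constructed sample of:
#   git log --all --date=iso --name-only --format='%H|%an|%ae|%ad|%s'
# Hashes, times, file paths and the example.com author are invented for this example.
SAMPLE_GIT_LOG = """\
0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f60718293|ci-bot|ci-bot@automated.dev|2026-05-18 12:47:52 +0000|chore: optimize pipeline runtime

.github/workflows/ci.yml

1f2e3d4c5b6a79800f1e2d3c4b5a69788796a5b4|Jane Dev|jane@example.com|2026-05-18 09:15:40 +0000|fix: handle empty message payload

src/routes/messages.js
test/messages.test.js

9a8b7c6d5e4f3210a1b2c3d4e5f60718293a4b5c|Jane Dev|jane@example.com|2026-05-17 16:30:05 +0000|chore: bump dependencies

package.json
package-lock.json

a5b4c3d2e1f00918273645a5b4c3d2e1f0091827|build-bot|build-system@noreply.dev|2026-05-18 14:02:11 +0000|ci: add build optimization step

.github/workflows/docker.yml
"""

# Constructed workflow fragment for the pinning check; the 40-hex SHA is made up.
SAMPLE_WORKFLOW = """
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4.0.2
      - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
"""

HEADER = re.compile(r"^([0-9a-f]{40})\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")
USES = re.compile(r"^\s*-?\s*uses:\s*([^@\s]+)@(\S+)", re.M)


@dataclass
class Commit:
    sha: str
    author: str
    email: str
    date: str      # "YYYY-MM-DD HH:MM:SS +0000"; the log is assumed to be in UTC
    subject: str
    files: List[str] = field(default_factory=list)


def parse_git_log(text: str) -> List[Commit]:
    """Parse the pipe-delimited --name-only format shown above into Commit records."""
    commits: List[Commit] = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            commits.append(Commit(*m.groups()))
        elif line.strip() and commits:
            commits[-1].files.append(line.strip())  # a path line belongs to the last header
    return commits


def suspicious_commits(commits: List[Commit]) -> Dict[str, List[str]]:
    """Map commit SHA -> reasons it needs review; commits with no reasons are omitted."""
    flagged: Dict[str, List[str]] = {}
    for c in commits:
        reasons: List[str] = []
        if c.email in FORGED_EMAILS:
            reasons.append("forged-email")
        if c.author in FORGED_NAMES:
            reasons.append("forged-name")
        touches_workflow = any(f.startswith(".github/workflows/") for f in c.files)
        if touches_workflow and WINDOW_START <= c.date[:19] <= WINDOW_END:
            reasons.append("workflow-change-in-window")
        if reasons:
            flagged[c.sha] = reasons
    return flagged


def unpinned_actions(workflow_text: str) -> List[str]:
    """Return 'owner/action@ref' for every uses: line not pinned to a full commit SHA."""
    return [f"{action}@{ref}" for action, ref in USES.findall(workflow_text)
            if not re.fullmatch(r"[0-9a-f]{40}", ref)]


if __name__ == "__main__":
    for sha, reasons in suspicious_commits(parse_git_log(SAMPLE_GIT_LOG)).items():
        print(sha[:12], ", ".join(reasons))
    print("unpinned:", unpinned_actions(SAMPLE_WORKFLOW))
```

The window check is what catches a workflow edit made under an author identity the attacker did not reuse, so keep it even after matching on the known emails. Anything flagged here should be reverted and followed by the secret rotation and OIDC log review from the list above, since a reverted workflow does nothing about tokens that already left the runner.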
SafeDep's Malysis engine first flagged the campaign after detecting the base64-encoded payload inside a bundled workflow file in @tiledesk/tiledesk-server@2.18.12, underscoring the value of automated supply chain scanning in catching attacks that slip past traditional code review.