Megalodon GitHub Attack Compromises 5,500+ Repositories via Malicious CI/CD Workflows

A sophisticated automated supply chain attack called Megalodon has compromised over 5,500 GitHub repositories by injecting malicious CI/CD workflow files, harvesting cloud credentials, SSH keys, and API tokens at scale.

What Is the Megalodon Attack?

Megalodon is the name given to an automated campaign discovered by security researchers at SafeDep. It represents a large-scale GitHub supply chain attack in which malicious GitHub Actions workflow files were injected into thousands of open-source and private repositories. When developers merged these commits, the malicious code executed automatically within their CI/CD pipelines, silently stealing credentials and sensitive data.

How the Attack Worked

The attackers used a combination of techniques to make the malicious commits appear legitimate and evade detection:

• Forged author identities: Commits were pushed using convincing bot-style identities — build-bot, auto-ci, ci-bot, pipeline-bot — designed to blend in with the legitimate automated commits common in active repositories
• Throwaway accounts: Randomised 8-character GitHub usernames were used to avoid account-level reputation signals
• Base64-encoded payloads: The malicious bash scripts were encoded in base64 within the workflow files, helping them evade simple text-based scanning for known malicious patterns

Two payload variants were deployed with different trigger conditions:

• SysDiag: Activated on every push and pull request, maximising the chance of execution in active repositories
• Optimize-Build: Triggered only through manual workflow dispatch, providing the attackers with operational security and a lower-profile execution path

What Data Was Stolen?

The malicious workflows were designed to extract an extensive range of sensitive information from CI/CD environments. Targets included:

• AWS credentials and instance role credentials
• Google Cloud access tokens
• Azure Instance Metadata
• SSH private keys
• GitHub Actions OIDC tokens and CI/CD pipeline tokens
• API keys and database connection strings
• CI environment variables and container configurations
• Shell history files and .env files containing secrets
• 30+ additional secret patterns identified via regex matching

All harvested data was exfiltrated to an attacker-controlled command-and-control server at IP address 216.126.225[.]129:8443.

Scale and Timeline

The attack was remarkably concentrated: 5,718 malicious commits were pushed across 5,561 distinct repositories in a single six-hour window on 18 May 2026, between 11:36 a.m. and 5:48 p.m. UTC. The speed and scale indicates a highly automated operation.

The broader campaign context is significant. Megalodon occurred within a wider wave of CI/CD supply chain attacks linked to a campaign called TeamPCP, which has also compromised repositories belonging to TanStack, Grafana Labs, OpenAI, and Mistral AI. The npm package registry responded to related activity by invalidating granular access tokens that had been bypassing two-factor authentication protections.

Why CI/CD Pipelines Are High-Value Targets

CI/CD pipelines are attractive targets precisely because they have legitimate need for extensive access credentials. A pipeline that builds, tests, and deploys software typically holds:

• Cloud provider credentials to deploy to production environments
• Registry credentials to publish packages or container images
• Database credentials for migration scripts
• API keys for third-party service integrations

Compromising a CI/CD pipeline therefore gives an attacker a set of keys that could provide access to production infrastructure, customer data, and downstream software supply chain targets.

What Developers and DevOps Teams Should Do

1. Audit your GitHub Actions workflows — Review all workflow YAML files in your repositories for recently added or modified entries, particularly those containing base64-encoded strings, unexpected curl commands, or unfamiliar external IP addresses.
2. Rotate all CI/CD secrets immediately — Assume that any secrets stored as CI/CD environment variables in affected repositories have been compromised. Rotate AWS keys, cloud tokens, API keys, and any other credentials.
3. Check commit history for suspicious authors — Look for commits from bot-style identities (build-bot, auto-ci, ci-bot, pipeline-bot) or accounts with randomised 8-character names that you don’t recognise.
4. Implement secret scanning — Use GitHub’s built-in secret scanning, or a dedicated credential scanner, to detect secrets committed to repositories and receive alerts when they are exposed.
5. Enforce branch protection rules — Require pull request reviews before merging to your default branch. This adds a human checkpoint that could catch suspicious workflow modifications.
6. Use the principle of least privilege for CI/CD tokens — Credentials used in pipelines should have only the permissions required for that specific pipeline, limiting the blast radius of a compromise.

BIT Tech’s Take

This attack is a reminder that supply chain security is not just an enterprise concern. Any organisation using GitHub Actions — including small development teams and businesses with web or software projects — should treat their CI/CD pipeline secrets with the same care as production credentials. If your organisation uses GitHub and you’re unsure about your CI/CD security posture, BIT Tech IT Solutions can help.

Contact our team to discuss your development and infrastructure security.