Megalodon Attack Backdoors 5,561 GitHub Repos in Six Hours

Security researchers have disclosed details of Megalodon, an automated campaign that pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window on May 18, 2026. The attack injected GitHub Actions workflows designed to exfiltrate CI environment credentials, cloud secrets, and SSH keys to attacker-controlled infrastructure.

SafeDep's Malysis scanning engine detected the operation through anomaly detection in commit patterns. The scale and speed suggest sophisticated automation coupled with a large cache of compromised credentials.

Attack Mechanics

Between 11:36 a.m. and 5:48 p.m. UTC, the attacker pushed commits using throwaway GitHub accounts with randomized 8-character usernames like rkb8el9r and bhlru9nr. Each commit used forged author identities to blend in with legitimate CI activity, rotating through four author names: build-bot, auto-ci, ci-bot, and pipeline-bot.

Seven commit messages were recycled across the campaign, all mimicking routine maintenance:

• "chore: update CI workflow"
• "fix: optimize build pipeline"
• "ci: add caching step"
• "build: update dependencies"

The commits added or modified GitHub Actions workflow files containing base64-encoded bash payloads. When workflows execute—triggered by push events or pull requests—the malicious code runs with full access to repository secrets.

What Gets Stolen

The exfiltration payload targets over 30 secret patterns:

Cloud Credentials:

• AWS access keys, secret keys, and session tokens
• Google Cloud service account keys
• Azure subscription credentials
• Kubernetes configs and service account tokens

CI/CD Secrets:

• GitHub Actions OIDC tokens
• GitLab CI variables
• CircleCI environment variables
• Jenkins credentials

Access Tokens:

• SSH private keys from standard paths
• GPG signing keys
• Database connection strings
• API keys matching common naming patterns

Infrastructure Secrets:

• Vault tokens
• Terraform state credentials
• PEM files and certificates

Collected data transmits to 216.126.225.129:8443 over HTTPS, disguised as telemetry traffic.

Two Payload Variants

SafeDep identified two distinct approaches in the campaign:

SysDiag (Mass Variant): Adds a new workflow file triggered on every push and pull_request event. This maximizes execution frequency but creates more visible artifacts in repository histories.

Optimize-Build (Targeted Variant): Replaces existing workflows with modified versions using workflow_dispatch triggers. These dormant backdoors await manual activation through the GitHub API, providing operational security by not executing automatically.

The targeted variant appeared in higher-profile repositories, suggesting the attacker prioritized stealth for potentially valuable targets.

Affected Organizations

The Tiledesk organization was hit hardest, with nine repositories compromised including tiledesk-server, tiledesk-dashboard, and tiledesk-llm. The @tiledesk/tiledesk-server npm package was subsequently flagged, demonstrating how GitHub repository compromise cascades into package ecosystem contamination.

Other notable targets include Black-Iron-Project (8 repos), WISE-Community, and hundreds of smaller projects. The attacker apparently prioritized repositories with active CI/CD pipelines and recent commit activity.

Connection to TeamPCP

SafeDep links Megalodon to the TeamPCP threat cluster, which has targeted open-source ecosystems throughout 2026. The infrastructure patterns, credential harvesting techniques, and timing align with previous TeamPCP operations including RubyGems package poisoning documented in May.

TeamPCP's modus operandi involves weaponizing compromised developer credentials to establish persistent access across interconnected projects. The group appears financially motivated, with stolen credentials later appearing in underground markets or used for cryptocurrency theft.

How Compromises Occurred

The attack required push access to target repositories. Likely vectors include:

• Compromised personal access tokens (PATs) from prior infostealers
• Leaked credentials in public repository history
• Credential stuffing against accounts with password reuse
• Compromised deploy keys with write permissions

The campaign's scale suggests the attacker accumulated a substantial credential cache before executing the coordinated push.

Indicators of Compromise

C2 Server: 216.126.225.129:8443

Suspicious Author Names: build-bot, auto-ci, ci-bot, pipeline-bot

Workflow Files: Look for recently added or modified .github/workflows/ files you don't recognize, especially named SysDiag.yml or with "optimize" in the filename

Commit Patterns: Multiple commits within seconds from unfamiliar accounts

Remediation

1. Audit recent commits to .github/workflows/ directories for unauthorized changes
2. Rotate all secrets exposed to GitHub Actions if compromise is confirmed
3. Review repository collaborators for unfamiliar accounts
4. Enable branch protection requiring reviews for workflow file changes
5. Check for unexpected workflow runs in the Actions tab, especially workflow_dispatch events you didn't trigger
6. Scan downstream packages if your repository publishes to npm, PyPI, or other registries

GitHub has been notified and is working to identify and suspend malicious accounts. Repository owners who received malicious commits should report them through GitHub's abuse reporting system.

For organizations wanting proactive defense, tools like Greyphish can help identify when your organization's credentials appear in phishing campaigns that often precede attacks like Megalodon.