Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.
Rob Wright, Senior News Director, Dark Reading
May 26, 2026
4 Min Read
Thousands of GitHub repositories were poisoned with credential-stealing malware in the latest threat campaign to rock the beleaguered software supply chain.
In a May 21 blog post, cybersecurity startup SafeDep flagged an automated malware campaign, codenamed "Megalodon," that unfolded on May 18 in a six-hour window. In that brief amount of time, Megalodon managed to push 5,718 malicious commits to 5,561 GitHub repositories.
According to SafeDep, a threat actor used dummy accounts and forged author identities to inject GitHub Actions workflows with malicious payloads that exfiltrate CI/CD secrets, cloud credentials, SSH keys, OpenID Connect tokens, and source code secrets to a command-and-control (C2) server.
The Megalodon campaign follows a series of attacks this year that have seemingly spread at a rapid pace and upended the software supply chain.
Supply Chain Shark Hunts for Secrets
Megalodon is composed of two payloads, according to SafeDep. The primary payload adds a malicious YAML file named "SysDiag" that defines a new workflow which runs whenever a push or pull request is made. The more targeted secondary payload replaces existing workflows with a "workflow-dispatch" trigger, turning them into a stealth backdoor that evades detection and generates no visible CI runs until it is activated.
"This makes the backdoor dormant. It creates no visible runs in the Actions tab, no failed builds, no red flags in CI history," the company stated in its blog, adding that an attacker can activate the backdoor through a GitHub API.
SafeDep first spotted Megalodon when the company's Malysis engine detected malicious activity in a bundled GitHub Actions workflow file for an npm package, @tiledesk/tiledesk-server@2.18.12, part of the open source chatbot platform Tiledesk. It turned out that Tiledesk had nine repositories that were backdoored, and the maintainers unknowingly published poisoned code to downstream users, inadvertently spreading Megalodon infections.
It's unclear why the campaign lasted only six hours. Abhisek Datta, security engineer at SafeDep, tells Dark Reading that the research team did not observe any time-limiting behavior in its analysis of Megalodon.
"Our hypothesis is that the campaign leveraged valid credentials to infect the repositories," Datta says. "The credentials were likely obtained through earlier supply chain attacks targeting developers. The attackers most likely used all the credentials on their list during this time window."
OX Security published additional research last week on Megalodon, confirming that approximately 3,500 GitHub repositories were carrying the malicious YAML file.
"The number of infected repos actually decreased slightly since last week — from around 3,500 to around 2,900 — but that means nearly 83% remain infected more than a week after the attack," Moshe Siman Tov Bustan, security researcher at OX and author of the blog post, tells Dark Reading. "The attack window itself was closed after roughly six hours, but GitHub has yet to fully clean up the affected repositories."
Megalodon Connection to TeamPCP?
The Megalodon campaign follows several high-profile supply chain attacks, many of which were the work of an emerging threat group known as TeamPCP. Megalodon's infections occurred a day before TeamPCP claimed responsibility for a massive breach at GitHub in which attackers stole code from approximately 4,000 internal repositories.
Could Megalodon be the work of TeamPCP? Siman Tov Bustan noted in his blog post that Megalodon-infected commits all feature a hardcoded date of Sept. 17, 2001, and fake bot identities, ci-bot@automated.dev or build-system@noreply.dev. This, he wrote, is similar to the behavior observed in TeamPCP's self-leaked source code for the Shai-Hulud worm.
But Siman Tov Bustan says those are "surface-level similarities" and that there are currently no direct links, identifying indicators of compromise (IOCs), or claims of responsibility tying TeamPCP to Megalodon. "One indicator that could establish attribution would be the use of the same public key for encrypting stolen data across attacks; since only the group itself could decrypt it, that would be a meaningful signal," he says. "For now, the connection remains unconfirmed."
Datta agrees, saying there is no correlation of technical indicators and that the payload and tactics, techniques, and procedures (TTPs) look different. "However, given our earlier hypothesis of leveraging stolen credentials in the [Megalodon] campaign, I would not completely rule out collaboration between TeamPCP and related groups sharing access."
A collaboration with another cybercriminal outfit wouldn't be out of character for TeamPCP, which earlier this year formed an official alliance with Vect, an emerging ransomware gang. But at this stage, it's unclear who the attackers are, and what their ultimate goal may be.
In the meantime, OX Security urged organizations to block any connections to Megalodon's C2 server; audit their GitHub repositories for the malware, its GitHub Actions workflows, and malicious YAML files; and, if suspicious activity is detected, revoke and rotate all credentials, SSH keys, API keys, and other secrets.
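As an added illustration of the audit OX recommends (example code written for this article, not SafeDep's or OX's tooling), the following script checks a repository for the indicators the article reports: commits with the forged bot identities or the hardcoded Sept. 17, 2001 date, a new "SysDiag" workflow triggered on push/pull_request, and an existing workflow rewritten to run only on workflow_dispatch. It assumes the date appears as the commit's author date in ISO format (from `git log --format='%H|%ae|%aI'`), and its minimal `on:` parser covers the common inline and block YAML forms rather than every YAML construct.

```python
import re

# Indicators reported in the article: forged bot identities and a hardcoded author date.
FAKE_AUTHORS = {"ci-bot@automated.dev", "build-system@noreply.dev"}
HARDCODED_DATE = "2001-09-17"  # assumed ISO rendering of the Sept. 17, 2001 date

def suspicious_commits(log_lines):
    """Return (sha, reason) for 'sha|author-email|author-date' lines (git log --format='%H|%ae|%aI')."""
    hits = []
    for line in log_lines:
        parts = line.strip().split("|", 2)
        if len(parts) != 3:
            continue  # malformed line: skip instead of aborting the audit
        sha, email, date = parts
        reasons = []
        if email.lower() in FAKE_AUTHORS:
            reasons.append("forged-author")
        if date.startswith(HARDCODED_DATE):
            reasons.append("hardcoded-date")
        if reasons:
            hits.append((sha, ",".join(reasons)))
    return hits

def workflow_triggers(text):
    """Event names under the top-level 'on:' key; minimal parser, no PyYAML needed."""
    lines = text.splitlines()
    idx = next((i for i, l in enumerate(lines) if l.startswith("on:")), None)
    if idx is None:
        return set()
    inline = lines[idx].partition(":")[2].partition("#")[0].strip().strip("[]")  # 'on: push' / 'on: [a, b]'
    if inline:
        return {t.strip() for t in inline.split(",") if t.strip()}
    events = set()  # block form: one two-space-indented 'event:' line per trigger
    for nxt in lines[idx + 1:]:
        k = re.match(r"^  (\w+):", nxt)
        if k:
            events.add(k.group(1))
        elif nxt.strip() and not nxt.startswith("    "):
            break  # next top-level key: the 'on:' block has ended
    return events

def backdoored_workflow(path, old_text, new_text):
    """Flag a new SysDiag workflow firing on push/pull_request, or an existing workflow rewritten to run only on workflow_dispatch."""
    name = path.rsplit("/", 1)[-1].lower()
    new_trig = workflow_triggers(new_text)
    if name.startswith("sysdiag") and new_trig & {"push", "pull_request"}:
        return "sysdiag-workflow"
    if old_text and workflow_triggers(old_text) - {"workflow_dispatch"} and new_trig == {"workflow_dispatch"}:
        return "dispatch-only-backdoor"
    return None
```

Run `backdoored_workflow` over the previous and current versions of each file under `.github/workflows/` (for example, from `git show <rev>:<path>`), since a dispatch-only workflow is only suspicious when it used to run on push or pull_request.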
About the Author
Rob Wright
Senior News Director, Dark Reading
Rob Wright is a longtime reporter with more than 25 years of experience as a technology journalist. Prior to joining Dark Reading as senior news director, he spent more than a decade at TechTarget's SearchSecurity in various roles, including senior news director, executive editor and editorial director. Before that, he worked for several years at CRN, Tom's Hardware Guide, and VARBusiness Magazine covering a variety of technology beats and trends.
Prior to becoming a technology journalist in 2000, he worked as a weekly and daily newspaper reporter in Virginia, where he won three Virginia Press Association awards in 1998 and 1999. At TechTarget and Dark Reading, he has won several Azbee awards, including the 2026 National Silver Award for a series on vibe coding.
At Dark Reading, Rob currently covers security operations, cloud security, and Internet infrastructure. He has a keen interest in malvertising activity and the certificate authority industry, and has written extensively on both topics. He graduated from the University of Richmond in 1997 with a degree in journalism and English. A native of Massachusetts, he lives in the Boston area.