Researchers disclosed a large-scale software supply chain campaign dubbed “Megalodon,” in which attackers reportedly compromised thousands of GitHub repositories by injecting malicious GitHub Actions workflows designed to exfiltrate secrets and cloud credentials. The campaign is believed to have affected over 5,500 repositories within several hours and included the compromise of npm package releases associated with impacted repositories.
According to public reporting, the attackers injected malicious GitHub Actions workflows containing base64-encoded bash payloads into targeted repositories. The workflows were designed to collect and exfiltrate CI/CD secrets, cloud credentials, SSH keys, GitHub Actions OIDC tokens, Kubernetes configurations, Terraform credentials, and other sensitive data to attacker-controlled infrastructure. The campaign reportedly leveraged forged CI-style identities such as “build-bot” and “ci-bot” to disguise malicious commits as legitimate automation activity.
Researchers identified two primary payload variants. One variant added malicious workflows that automatically executed on push and pull_request_target events, while another modified existing workflows to create dormant backdoors triggered manually via workflow_dispatch. The campaign also reportedly impacted several npm package releases, including compromised versions of @tiledesk/tiledesk-server published from poisoned source repositories. Initial analysis suggests attackers likely obtained access through compromised GitHub personal access tokens (PATs) or deploy keys rather than direct compromise of npm publisher accounts.
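As an added defender-side example (not code from the researchers' reporting or from any affected project), the Python triage script below flags workflow files showing the traits described above: base64-encoded bash payloads, push or pull_request_target triggers, workflow_dispatch-only dormant workflows, and CI-styled commit author names such as "build-bot". The regexes, length threshold, identity list and sample workflows are constructed assumptions, not published indicators.

```python
import re

# Constructed triage heuristics for the workflow traits reported above; they are
# assumptions for illustration, not the researchers' published indicators.
DECODE_PIPE = re.compile(r"base64\s+(?:-d|--decode)\b.*\|\s*(?:ba)?sh\b", re.IGNORECASE)
B64_LITERAL = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{60,}={0,2}")
TRIGGER_NAMES = ("push", "pull_request", "pull_request_target", "workflow_dispatch")
# Author names styled after CI automation (assumed examples in the "build-bot"/"ci-bot" style).
BOT_IDENTITY = re.compile(r"^(?:build|ci|deploy|release)[-_]?bot$", re.IGNORECASE)


def triggers(text: str) -> set:
    """Return the 'on:' event names present, in either mapping or list form."""
    return {n for n in TRIGGER_NAMES
            if re.search(rf"(?m)^\s*(?:-\s*)?{n}\s*:?\s*$|\[[^\]]*\b{n}\b[^\]]*\]", text)}


def has_encoded_payload(text: str) -> bool:
    """True if a step decodes base64 into a shell or embeds a long base64 blob."""
    if DECODE_PIPE.search(text):
        return True
    # All-hex blobs are commit or image digests used as legitimate pins, not payloads.
    return any(not re.fullmatch(r"[0-9a-fA-F]+", m) for m in B64_LITERAL.findall(text))


def scan_workflow(text: str) -> list:
    """Classify one workflow file against the two reported payload variants."""
    trig, encoded, findings = triggers(text), has_encoded_payload(text), []
    if encoded:
        findings.append("encoded-payload")
    if "pull_request_target" in trig:
        findings.append("pull_request_target-trigger")  # fork PRs run with repo secrets
    if encoded and trig == {"workflow_dispatch"}:
        findings.append("dormant-dispatch-backdoor")  # variant two: manual-only trigger
    elif encoded and trig & {"push", "pull_request_target"}:
        findings.append("auto-exec-on-event")  # variant one: fires on push / PR events
    return findings


def suspicious_author(name: str) -> bool:
    """Flag commit author names that mimic CI automation accounts."""
    return bool(BOT_IDENTITY.match(name.strip()))


# Constructed sample workflows; base64 of zero bytes stands in for a real payload.
B64 = "QUFB" * 20
VARIANT_ONE = "on:\n  push:\n  pull_request_target:\njobs:\n  b:\n    steps:\n      - run: echo " + B64 + " | base64 -d | bash\n"
VARIANT_TWO = "on: [workflow_dispatch]\njobs:\n  b:\n    steps:\n      - run: echo " + B64 + " | base64 -d | bash\n"
BENIGN = "on: [push]\njobs:\n  t:\n    steps:\n      - uses: actions/checkout@" + "a" * 40 + "\n      - run: npm test\n"
```

Point scan_workflow at each file under .github/workflows and suspicious_author at recent commit author names; the findings are triage leads for review, not verdicts.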