Megalodon Supply Chain Attack Compromises 5,561 GitHub Repositories in Six-Hour Blitz
- May 22
- 2 min read
Key Findings
5,718 malicious commits pushed to 5,561 GitHub repositories within a six-hour window on May 18, 2026
Attackers used forged identities (build-bot, auto-ci, ci-bot, pipeline-bot) and throwaway GitHub accounts to hide their tracks
Malicious GitHub Actions workflows embedded base64-encoded bash payloads designed to exfiltrate sensitive credentials and secrets
Two attack variants identified: SysDiag (broad reach, triggers on every push/pull request) and Optimize-Build (targeted, uses workflow_dispatch for stealth)
Popular package @tiledesk/tiledesk-server was compromised, resulting in seven infected versions published to npm
Campaign conducted by TeamPCP, the same group behind recent compromises of TanStack, Grafana Labs, OpenAI, and Mistral AI
Stolen data sent to C2 server at 216.126.225.129:8443
Background
TeamPCP has emerged as a major threat actor targeting the software supply chain, with a track record of compromising high-profile open-source projects. The group appears financially motivated and has established partnerships with extortion crews. Recent activity suggests they may also be geopolitically motivated, having deployed wiper malware on machines in Iran and Israel. Their attacks follow a pattern of exploiting one compromise to facilitate the next, creating a worm-like spread through interconnected ecosystems.
Attack Methodology
The attackers operated with careful operational security despite the scale of the campaign. They rotated through four author names and seven different commit messages to mimic routine CI maintenance work. Git configurations were manipulated to forge author identities, and commits were pushed using either compromised personal access tokens or deploy keys from throwaway accounts with randomized eight-character usernames.
Two Attack Variants
SysDiag represents the mass-reach approach, automatically triggering on every push and pull request to maximize execution across victim repositories. Optimize-Build takes a more measured approach, using workflow_dispatch to activate only when manually triggered through the GitHub API. This targeted variant sacrifices immediate reach for operational security, allowing attackers to remain undetected until they choose to activate the malware for credential theft.
Data Harvesting Capabilities
The injected payloads execute a 111-line bash script that systematically harvests a comprehensive range of sensitive information. The malware collects CI environment variables, SSH private keys, Docker and Kubernetes configurations, Vault tokens, and Terraform credentials. It targets cloud provider credentials from AWS, Google Cloud, and Microsoft Azure, including instance role credentials and metadata service tokens. The script also extracts GitHub Actions OIDC tokens, CI/CD tokens from GitLab and Bitbucket, and searches configuration files for over 30 types of secrets including API keys, database connection strings, JWTs, and PEM private keys.
The Tiledesk Case
The popular live chat and chatbot service Tiledesk became a notable victim when attackers compromised nine of its GitHub repositories. The malicious commits went undetected by developers, who subsequently published seven infected versions of the @tiledesk/tiledesk-server package to npm between May 19-21. This demonstrates how the attack chain works: compromised repositories lead to infected package releases, which then spread to downstream users.
Broader Implications
SafeDep researcher commentary suggests this represents an escalation in supply chain attacks. The volume and automation indicate attackers are developing increasingly sophisticated methods to target developers at scale. npm has responded by invalidating granular access tokens that bypass two-factor authentication, but security experts acknowledge this is a temporary measure that doesn't address the underlying vulnerabilities in the ecosystem. Developers and organizations must assume that their supply chains may have been compromised and should rotate all credentials immediately.
Sources
https://thehackernews.com/2026/05/megalodon-github-attack-targets-5561.html
https://hackread.com/github-repositories-megalodon-supply-chain-attack/
https://cybersecuritynews.com/megalodon-malware-github-repos/amp

Comments