Security researchers are warning that a massive supply chain attack dubbed "Megalodon" has injected malware into more than 5,500 GitHub repositories through automated commits. The attack abused GitHub Actions workflows to plant stealth payloads in the continuous integration environment, targeting sensitive information such as credentials, CI secrets, keys and tokens.

According to a report by security firm SafeDep, Operation Meg relied on malicious GitHub Actions workflows that were batch-injected into target repositories with fake automated commits, creating a concentrated wave of attacks in just six hours. SafeDep said the attackers pushed more than 5,700 malicious commits to affected repositories during a six-hour window on May 18, ultimately affecting 5,561 independent repositories.

At least two different payloads were used in the attack. One of them will add a new workflow in the warehouse so that it is automatically triggered every time a push or pull request is made, thereby continuing to execute malicious code during the development and build process. The other replaces the triggering conditions of the existing workflow and transforms it into a "sleep backdoor", which reserves a remote wake-up channel for attackers without affecting the daily process.

Once the target environment is infected, the malicious workflow will attempt to steal CI environment variables, AWS credentials, GCP access tokens, Azure credentials, SSH private keys, Docker and Kubernetes configurations, various API keys, database connection strings, as well as dozens of different types of sensitive information such as GitHub Actions tokens and GitLab CI/CD tokens. Once this information is leaked, it could be used to further compromise cloud infrastructure, code bases, and production environments.

According to SafeDep, "Megalodon" was discovered while analyzing the Tiledesk open source chat and chatbot platform. Researchers noticed that the project successively released tampered malicious versions of NPM packages between May 19 and 21, thus exposing a larger-scale warehouse intrusion operation behind it. The NPM account related to the attack is named eljohnny, and the account email address is [email protected]. It has released both a clean version 2.18.5 and a contaminated version.

SafeDep pointed out that the attacker did not directly control the NPM account itself, but started by compromising its corresponding GitHub repository. After the source code was "poisoned", the maintainer unknowingly released malicious packages from the infected code, which also highlighted the typical risk of "the upstream source being silently tampered with" in supply chain attacks.

When tracing the source of the attack, SafeDep found that the malicious submission that triggered the infection chain also occurred on May 18, and the submission author was identified as "build-bot." After tracing through the relevant mailbox, the researchers found that a total of 2878 submissions were made through this mailbox that day, and another 2841 submissions were made through another related mailbox. A total of 5718 malicious submissions were all completed on the same day.

In terms of technical means, the attacker chose the "workflow_dispatch" workflow type in GitHub Actions to trigger the backdoor. This triggering method can be called through the GitHub API, and the stolen GitHub token can be used to remotely activate the dormant backdoor at any time later. More importantly, this trigger type is exempted from GitHub's "anti-recursive rules" and is not restricted by preventing "events triggered by tokens from generating new workflows again", providing attackers with greater room for operation.

While the "Megalodon" incident was exposed, the ecosystem level was also trying to deal with similar threats. NPM recently announced that it has invalidated all fine-grained access tokens that bypass two-factor authentication and have write permissions to prevent supply chain attacks similar to "Mini Shai‑Hulud". Security company Ox Security believes that this measure helps reduce the risk of account hijacking, but does not really eliminate the underlying risk.

Ox Security warns that as long as platforms allow arbitrary code to be uploaded and distributed without rigorous review, malicious code spread through compromised repositories will continue to emerge. The company pointed out that supply chain attacks are entering a new era. TeamPCP's earlier attack on GitHub was just the beginning. In the future, waves of attacks targeting the developer community will follow like a "tsunami".

In addition to this incident, other recent cases around supply chain security have also emerged, including the use of TanStack attacks to steal Grafana code and data, and multiple large-scale poisoning operations targeting NPM packages. These successive incidents demonstrate that software supply chain vulnerabilities and lack of visibility remain prominent issues facing the entire industry.