Megalodon GitHub Attack Hits 5,561 Repos via CI/CD

Megalodon GitHub Attack Poisons CI/CD Workflows at Scale

The Megalodon GitHub attack campaign has compromised 5,561 repositories by injecting malicious CI/CD workflow files directly into codebases. This is a supply chain attack at pipeline level. Attackers do not need to touch your application code to cause serious damage. They target the automation layer instead, the .github/workflows directory, where most developers pay far less attention than they should.

The scale here is notable. Over five thousand repositories affected in a single campaign signals an automated, scripted operation. This is not opportunistic manual hacking. Megalodon is systematic.

How the Malicious Workflow Injection Works

Attackers likely used a combination of stolen GitHub tokens, compromised OAuth apps, or exposed credentials from previous breaches to gain write access to target repositories. Once inside, they pushed crafted YAML workflow files into .github/workflows/. GitHub Actions picks these up automatically and executes them on the next trigger event, typically a push or pull request.

The malicious workflows can do several things depending on the attacker's goal. They can exfiltrate repository secrets, inject backdoors into build artifacts, make outbound requests to attacker-controlled infrastructure, or establish persistence by modifying other workflow files. Because CI/CD runners have broad permissions by default, including access to GITHUB_TOKEN and any configured secrets, a compromised workflow effectively becomes a privileged execution environment.

Some variants of this attack also abuse the pull_request_target event, which runs workflows with write permissions even when the triggering PR comes from a fork. That specific misconfiguration has been documented before, but it remains widely exploited.

What Developers and Teams Are Actually at Risk

Any repository using GitHub Actions is a potential target. The risk is not theoretical. If your workflows have access to deployment keys, cloud provider credentials, or package registry tokens, an attacker who controls your workflow controls those secrets too.

Published build artifacts are another concern. If your CI pipeline builds and signs software packages, a compromised workflow can tamper with those artifacts before they are signed and shipped. Downstream users then install malware believing it is legitimate software. This is exactly what makes supply chain attacks so damaging and difficult to detect after the fact.

Private repositories are not safe either. A compromised GitHub token does not discriminate between public and private repos.

How to Harden Your CI/CD Pipelines Against This Attack

Start by auditing your .github/workflows/ directory right now. Review every file, check commit history for unexpected changes, and verify that no new workflow files appeared without corresponding pull requests from known contributors.

Specific steps worth taking immediately:

• Pin GitHub Actions to a specific commit SHA, not a tag. Tags are mutable. Commit SHAs are not.
• Restrict workflow permissions using permissions: blocks in your YAML. Default to read-only and grant write access only where required.
• Audit repository access tokens and OAuth apps connected to your GitHub organization. Revoke anything unfamiliar.
• Enable required reviews for workflow changes in branch protection rules. No workflow should merge without human review.
• Use CODEOWNERS to require specific team sign-off on changes to the .github/ directory.
• Monitor for unexpected outbound network calls from your runners, especially to unfamiliar domains.

You should also consider running automated scanning against your repositories. Tools that detect secrets exposure and workflow misconfigurations can catch problems before an attacker does. You can scan your web assets for exposure at /scan to identify related attack surfaces.

More guidance on supply chain risks is available in our CI/CD security deep dive.

FAQ

How did attackers get write access to so many GitHub repositories? Most likely through stolen or leaked GitHub tokens, compromised developer accounts, or OAuth applications with excessive permissions. Credential exposure from prior breaches is a common entry point.

Does this affect private repositories or only public ones? Both. If an attacker obtains a valid GitHub token with access to private repositories, workflow injection works the same way regardless of visibility settings.

How do I check if my repository was part of the Megalodon campaign? Review your .github/workflows/ commit history for unexpected additions or modifications. Look for workflow files that reference unfamiliar external actions, unusual run: commands, or outbound curl/wget calls to non-standard domains.

Run a free security scan on your web applications at VibeWShield