Full Report
Will Jason Statham save us?
Analysis Summary
# Tool/Technique: Megalodon (GitHub/CI-CD Poisoning Campaign)
## Overview
Megalodon is an automated supply chain attack campaign that targeted over 5,500 GitHub repositories. The campaign utilizes malicious commits designed to blend in with legitimate CI/CD automation. Once merged, the malware executes within the CI/CD pipeline to harvest cloud credentials, configuration files, and authentication tokens, effectively compromising the target's entire cloud infrastructure and development environment.
## Technical Details
- **Type:** Malware / Tool (CI/CD Credential Stealer & Information Exfiltrator)
- **Platform:** GitHub, Linux-based CI/CD runners (GitHub Actions), Cloud Environments (AWS, GCP, Azure)
- **Capabilities:** Credential harvesting, environment discovery, automated propagation, and exfiltration.
- **First Seen:** May 18, 2026 (Active window: 11:36 to 17:48 UTC)
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools
- T1078.004 - Valid Accounts: Cloud Accounts (via compromised PATs/Deploy Keys)
- **TA0007 - Discovery**
- T1046 - Network Service Discovery (Querying Cloud Metadata services)
- T1552.001 - Unsecured Credentials: Credentials In Files (Regex patterns for secrets)
- **TA0006 - Credential Access**
- T1552.004 - Private Keys (SSH, Vault)
- T1528 - Steal Application Access Token
- **TA0010 - Exfiltration**
- T1041 - Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- **Automated Commit Injection:** Pushes malicious commits directly to master branches using compromised Personal Access Tokens (PATs) or Deploy Keys.
- **CI/CD Execution:** Executes a backdoored build optimization step during the CI/CD pipeline run.
- **Cloud Credential Theft:** Queries AWS, GCP, and Azure metadata services to extract instance role credentials and access tokens.
- **Environment Harvesting:** Scans for Docker configurations, Kubernetes (`.kube/config`), and Terraform state/credential files.
### Advanced Features
- **Sophisticated Impersonation:** Uses author names like "build-bot" and emails like "build-system[@]noreply.dev" to mimic standard automated CI tools.
- **Secret Scanning:** Incorporates over 30 regex patterns to scan source code for hardcoded secrets during the build process.
- **Supply Chain Propagation:** Backdoors legitimate packages (e.g., Tiledesk) at the source level, causing maintainers to unknowingly publish poisoned versions to package managers like npm.
## Indicators of Compromise
- **File Hashes:** [Specific hashes not provided in text; however, refer to malicious versions of Tiledesk 2.18.6 through 2.18.12]
- **File Names:** `ci: add build optimization step` (Commit message)
- **Git Author Emails:**
- `build-system[@]noreply.dev`
- `ci-bot[@]automated.dev`
- **Network Indicators:** (Exfiltration endpoints generally targeting attacker-controlled C2 or webhook listeners - *specific domains defanged as needed by analyst observation*)
- **Behavioral Indicators:**
- Unexpected commits to `master` with no associated Pull Request.
- CI/CD pipelines making outbound requests to cloud metadata services (e.g., `169.254.169.254`).
- Unexplained exfiltration of `.env` or `.ssh` directory contents during builds.
## Associated Threat Actors
- **TeamPCP (Suspected/Influencer):** While Megalodon mimics the style of the "Lazarus" and "TeamPCP" group attacks, researchers believe this is a separate actor copying their TTPs.
## Detection Methods
- **Signature-based detection:** Scanning repo history for commits authored by `build-system[@]noreply.dev`.
- **Behavioral detection:**
- Monitoring for CI/CD runners accessing non-standard directories (like `~/.ssh` or `/var/run/docker.sock`) if not required for the build.
- Auditing GitHub audit logs for unusual PAT usage or pushes to protected branches.
- **YARA/Secret Scanning:** Use tools like TruffleHog or Gitleaks to identify the injected regex patterns or the backdoored code in dependencies.
## Mitigation Strategies
- **Prevention measures:**
- Enable **Branch Protection Rules** (require PRs and signed commits).
- Implement **Repository Rulesets** to prevent pushes from unverified identities.
- **Hardening recommendations:**
- Use **Short-lived Credentials** (e.g., OIDC) for CI/CD-to-Cloud authentication instead of long-lived secrets.
- Restrict PAT scopes to "Read-only" wherever possible and rotate keys frequently.
- Implement **Network Egress Filtering** on CI/CD runners to block unauthorized exfiltration.
## Related Tools/Techniques
- **TeamPCP Attacks:** Previous automated GitHub poisoning campaigns.
- **Shai-Hulud Worm:** A similar automated supply chain propagation tool.
- **Dependency Confusion/Site-loading:** Methods used to trick package managers into downloading malicious versions.