Infostealers Just Spawned a 5,000+ Repo GitHub Supply Chain Attack
ID: 3199b3fb-53eb-5ce0-a5b3-24bd7fb76c72
STIX ID: report--3199b3fb-53eb-5ce0-a5b3-24bd7fb76c72
Feed Name: infostealers.com
Megalodon is a large-scale, automated supply-chain campaign that pushed thousands of malicious commits into more than 5,000 GitHub repositories by exploiting weak branch protections and compromised or throwaway accounts. The Base64-encoded payloads injected into CI/CD workflows are designed to steal secrets (AWS, GCP, SSH and GitHub OIDC tokens) and deploy further infostealers. The report attributes the surge to the public release of TeamPCP’s Shai Hulud framework, and Hudson Rock’s analysis ties a significant portion of the compromised accounts to infostealer-infected machines, warning that over 24,000 companies have employees with compromised GitHub credentials.