
Megadolon Campaign: Thousands of GitHub Repos Infected with Malware

Bottom line: Thousands of GitHub repositories were infected with malware that steals credentials, massively compromising the software supply chain.

A large-scale malware campaign has infected thousands of GitHub repositories with malicious software designed to capture login credentials. The attack targets the software supply chain and hits infrastructure that is already fragile.

In the so-called Megadolon campaign, thousands of public and private GitHub repositories were infiltrated with malware. The malicious software is designed to extract login credentials and authentication tokens, giving attackers direct access to developer and production accounts.

For a CISO, this represents a critical threat: a compromised repository in the supply chain can serve as an entry vector into an entire organization. Developers who incorporate infected dependencies unknowingly introduce malware into their build processes. The scale (thousands of repos) indicates a broad campaign, not isolated incidents.

For organizations: dependencies and repositories must be checked for suspicious commits, unusual authorship, and unexpected changes to build scripts. Code scanning tools and signature verification are essential. Developers should enable multi-factor authentication for GitHub and other source control platforms. In NIS2 contexts, this is a supply chain security incident that can trigger reporting obligations.
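One way to run the commit check described above, as an added example (not code from the source article or from any vendor): it parses `git log` output and flags commits that change build scripts and either come from an author outside a known list or lack a verified signature. The build-file patterns, the author allowlist and the sample log are assumptions constructed for illustration, not indicators from this campaign.

```python
import fnmatch

# Input is the text produced by this git command (all options are standard git):
#   git log --name-only --format='%x1e%H%x1f%ae%x1f%G?'
# %ae = author email; %G? = signature status (G = good, N = none, B = bad, ...).

# Assumption: which paths count as "build scripts"; adjust per repository.
BUILD_PATTERNS = [".github/workflows/*", "Makefile", "setup.py",
                  "package.json", "*.gradle", "Dockerfile"]

def touches_build(path):
    """True if the full path or its file name matches a build-script pattern."""
    name = path.rsplit("/", 1)[-1]
    return any(fnmatch.fnmatchcase(path, p) or fnmatch.fnmatchcase(name, p)
               for p in BUILD_PATTERNS)

def audit(log_text, known_authors):
    """Return (commit, reasons, build_files) for each commit worth a manual review."""
    findings = []
    for record in log_text.split("\x1e"):
        # split("\n") rather than splitlines(), which also splits on \x1e
        lines = [l for l in record.split("\n") if l.strip()]
        if not lines:
            continue
        sha, email, sig = lines[0].split("\x1f")
        build_files = [f for f in lines[1:] if touches_build(f)]
        reasons = []
        if email.lower() not in known_authors:
            reasons.append("unknown-author")
        if sig != "G":
            reasons.append("unverified-signature")
        # Only build-script changes are reported, to keep the review list short.
        if build_files and reasons:
            findings.append((sha, reasons, build_files))
    return findings

# Constructed sample data (hashes, e-mail addresses and paths are made up).
KNOWN_AUTHORS = {"alice@example.com"}
SAMPLE_LOG = (
    "\x1e1111111\x1falice@example.com\x1fG\n\nsrc/app.py\nMakefile\n"
    "\x1e2222222\x1fbuild-bot@example.net\x1fN\n\n.github/workflows/release.yml\n"
    "\x1e3333333\x1falice@example.com\x1fN\n\nsetup.py\nREADME.md\n"
    "\x1e4444444\x1fvisitor@example.org\x1fN\n\ndocs/index.md\n"
)

if __name__ == "__main__":
    for sha, reasons, files in audit(SAMPLE_LOG, KNOWN_AUTHORS):
        print(sha, ",".join(reasons), " ".join(files))
```

A finding is a prompt for manual review of the diff, not proof of compromise; author e-mail addresses in git are self-declared, which is why the signature status is checked alongside them.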


Source: itwelt.at · Published June 1, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.8.
