THE QUICK TAKE
  • According to SafeDep and corroborated by SecurityWeek and Dark Reading, the Megalodon campaign reportedly hit 5,561 distinct GitHub repositories with malicious CI/CD workflows inside a single six-hour window in May 2026.
  • BleepingComputer confirmed that GitHub disabled 73 Microsoft-linked repositories in June 2026 after researchers tied them to the Miasma/Shai-Hulud supply-chain campaign targeting developer credentials.
  • Risky Business Media documented what it describes as a sharp escalation from occasional sightings in early 2024 to a full wave of named industrialized campaigns by early 2026, though root-cause attribution remains contested.

What the Hollerin' Is All About

Well, butter my biscuit and call me suspicious — word around the digital watering hole is that GitHub, the world's most-trusted code barn, has allegedly been moonlighting as a dadgum malware distribution depot. Multiple independent security firms have been raising Cain about this since at least early 2024, and by mid-2026 the chatter had turned into a full-on rooster squawk. The core claim circulating in infosec circles is that attackers have industrialized the use of GitHub to host and deliver trojans, infostealers, and credential-harvesting tools at a scale that would make a cattle rustler blush.

Now hold your horses before you burn the barn down — a specific figure of 10,000 malicious repositories floated by an independent researcher blog called orchidfiles.com has not been independently confirmed, and we ain't treating that number as gospel. What IS documented, by multiple tier-one outfits including Kaspersky, SafeDep, OX Security, ReversingLabs, and Trend Micro, is that the phenomenon is real, recurring, and — according to Risky Business Media — escalating fast enough to give a cybersecurity hound dog serious heartburn.

What Is Actually Known: The Megalodon Cattle Drive

The biggest confirmed stampede so far is what researchers are calling Megalodon. According to SafeDep — independently corroborated by SecurityWeek, Dark Reading, and The Hacker News — this campaign crammed 5,718 malicious commits into 5,561 distinct GitHub repositories in roughly six hours on May 18, 2026, running from about 11:36 to 17:48 UTC. That's faster than a coon dog chasing a greased pig, and about as welcome.

SafeDep says the attacker used throwaway accounts and forged author identities — names like build-bot, auto-ci, ci-bot, and pipeline-bot — to inject GitHub Actions workflows loaded with base64-encoded bash payloads. According to The Hacker News and SecurityWeek, those workflows were designed to vacuum up CI secrets, cloud credentials for AWS, GCP, and Azure, SSH keys, OIDC tokens, API keys, and source code secrets, then ship 'em off to a command-and-control server like hogs to market. SafeDep notes the credentials were likely harvested in earlier supply chain attacks against developers.
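A defender-side check for the pattern SafeDep describes, added here as an example that is not code from the page, from SafeDep, or from GitHub: it flags workflow steps that decode an embedded base64 blob straight into a shell, steps that serialize the whole secrets context, and commits authored under the forged bot names. The sample workflow and the regexes are constructed assumptions, not SafeDep's detection logic.

```python
import re

# Forged committer identities SafeDep reported in the Megalodon campaign (from the page).
# A real deployment would also allowlist the organization's genuine automation accounts.
FORGED_BOT_AUTHORS = {"build-bot", "auto-ci", "ci-bot", "pipeline-bot"}

# Shell fragment that decodes an inline blob and pipes it into an interpreter.
# Legitimate workflows rarely need this, so a match deserves a human look.
DECODE_TO_SHELL = re.compile(r"base64\s+(-d|--decode)\b[^\n]*\|\s*(ba)?sh\b")
# Dumping every repository secret into one variable is a classic harvesting step.
SECRETS_DUMP = re.compile(r"toJSON\(\s*secrets\s*\)")


def scan_workflow(text: str) -> list[str]:
    """Return human-readable findings for the text of one .github/workflows/*.yml file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if SECRETS_DUMP.search(line):
            findings.append(f"line {lineno}: entire secrets context serialized")
        if DECODE_TO_SHELL.search(line):
            findings.append(f"line {lineno}: base64 blob decoded and executed")
    return findings


def is_forged_bot_author(author_name: str) -> bool:
    """True when a commit author matches one of the throwaway identities from the campaign."""
    return author_name.strip().lower() in FORGED_BOT_AUTHORS


# Constructed sample: a workflow carrying the two suspicious steps (the blob is a placeholder).
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: setup
        env:
          ALL: ${{ toJSON(secrets) }}
        run: echo "BASE64_PLACEHOLDER" | base64 -d | bash
"""

if __name__ == "__main__":
    for finding in scan_workflow(SAMPLE_WORKFLOW):
        print(finding)
    print("forged author:", is_forged_bot_author("build-bot"))
```

Run it against every workflow file in a checkout together with `git log --format=%an` to review both signals side by side; a hit is a triage prompt, not proof of compromise.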

Separately, BleepingComputer confirmed that on June 5, 2026, GitHub disabled 73 repositories across Microsoft's Azure and related GitHub organizations after researchers confirmed those repos were compromised in the Miasma/Shai-Hulud supply-chain campaign. That ain't a rounding error — that's Microsoft's own digital fence getting cut.

What the Other Hound Dogs Found: GitVenom, Webrat, and Friends

Kaspersky researchers Georgy Kucherin and João Godinho, writing on Kaspersky's own blog, explained that a separate operation they call GitVenom involved the creation of hundreds of GitHub repositories containing fake projects laced with malicious code. Kaspersky says these projects mimicked legitimate tools to reel in unsuspecting developers like catfish on a trotline. Help Net Security and GBHackers independently reported on the same campaign.

Then there's Webrat, and Lord have mercy, this one targeted the people who are supposed to be catching the crooks. According to Kaspersky SecureList, corroborated by BleepingComputer, CSO Online, and TechRadar, the Webrat trojan — previously spread through game cheats and cracked software — pivoted by at least September 2025 to dressing itself up as proof-of-concept exploit code on GitHub, complete with AI-generated README documentation, specifically to lure security researchers and students. It's like a wolf wearing a sheepdog costume and applying for a job at the sheep ranch.

Trend Micro separately identified a campaign using AI-generated fake repositories to distribute something called SmartLoader alongside Lumma Stealer, with Trend Micro noting that the threat actors impersonated security researchers on X/Twitter to spread the links. And ReversingLabs researcher Robert Simmons is quoted describing trojanized code in public repositories as a growing software supply chain attack vector — a sentiment that, at this point, has more corroboration than a church potluck has casseroles.

The Distribution-as-a-Service Angle Is Especially Unsettling

Here's where it gets slicker than a greased doorknob: Sophos linked a subset of these campaigns to what it characterizes as a distribution-as-a-service operation that has allegedly been running since August 2022. According to The Hacker News reporting on that research, this network uses fake stars, forking, and subscribing to inflate repository popularity in GitHub search results, making the poisoned watering holes look like the freshest springs on the prairie.

Check Point is quoted describing a network of multiple accounts that distribute malicious links and malware while simultaneously starring, forking, and subscribing to malicious repositories to manufacture legitimacy. Risky Business Media, in a March 2026 editorial synthesis, documented what it frames as a continuous escalation from infrequent sightings in early 2024 to a named-campaign wave by early 2026, including actors deploying ClickFix tricks and impersonating real companies. That longitudinal framing — from occasional to industrial — is the through-line connecting all these independent reports.

What Remains Unverified and Where the Disputes Live

Now let's be straight as a fence rail about what we don't know. The headline-grabbing figure of 10,000 malicious repositories comes from a single independent researcher blog (orchidfiles.com) flagged on Hacker News, and that specific number has not been independently corroborated. We are not vouching for it. Scale estimates across all the confirmed campaigns range from dozens of repositories in specific named operations to the 5,561 of Megalodon's single-day blitz — a mighty wide spread.

Attribution for Megalodon is also murky as a mud puddle. Dark Reading notes the campaign occurred a day before a group called TeamPCP publicly claimed a major GitHub breach, but according to SafeDep and OX Security, no confirmed link between the two has been established. That thread remains a hypothesis, not a finding.

Whether GitHub's automated cleanup measures and NPM's revocation of bypass-2FA tokens actually put a meaningful dent in attacker reach is also contested. Socket and OX Security, according to reporting, argue the cleanup provides temporary breathing room but does not close the underlying vulnerability — which is essentially that GitHub's openness, the very thing that makes it valuable, is the same thing that makes it a five-star hotel for malware operators.

Analysis: The Barn Door Problem Nobody Has Fixed

This is analysis, not reporting: what makes the GitHub malware situation genuinely nasty — slicker-than-owl-snot nasty — is that every defensive property of the platform doubles as an offensive asset. Trust signals like stars, forks, and polished README files are cheap to manufacture with AI, as Trend Micro's research illustrates. The very fact that GitHub hosts real Microsoft projects and real security researcher tools is what makes it a convincing disguise for fake ones.

The industrialization angle documented across these campaigns suggests this is not a collection of lone-wolf hackers fumbling around. The use of automation, forged bot identities, base64-encoded payloads, AI-generated documentation, and coordinated social amplification on X/Twitter describes something closer to a logistics operation than a mischief run. Whether that constitutes a genuine platform crisis or a solvable moderation problem is, frankly, above this narrator's pay grade — but the convergence of five independent research lines pointing the same direction is the kind of thing that makes a careful person check their CI pipeline like they check a used truck before buying it.

GitHub has not, as of this writing, made public statements addressing the full scope of the trend described here, and Microsoft's response has been limited to the confirmed removal of the 73 repositories per BleepingComputer's report. What platform-level systemic response, if any, is coming remains unknown.

Who is doing the hollering

These links show where the chatter came from. A link is attribution, not our endorsement or independent confirmation.

  1. Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows (The Hacker News · top tier)
  2. Over 5,500 GitHub Repositories Infected in 'Megalodon' Supply Chain Attack (SecurityWeek · top tier)
  3. 'Megalodon' Malware Infects Thousands of GitHub Repos (Dark Reading · top tier)
  4. GitHub disables Microsoft repos pushing password-stealing malware (BleepingComputer · top tier)
  5. Webrat, disguised as exploits, is spreading via GitHub repositories (Kaspersky SecureList · specialist)
  6. WebRAT malware spread via fake vulnerability exploits on GitHub (BleepingComputer · top tier)
  7. Webrat turns GitHub PoCs into a malware trap (CSO Online · specialist)
  8. Dangerous WebRAT malware now being spread by GitHub repositories (TechRadar · top tier)
  9. Risky Bulletin: GitHub is starting to have a real malware problem (Risky Business Media · specialist)
  10. 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers (The Hacker News · top tier)
  11. AI Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution (Trend Micro · specialist)

Revision record

Last checked Jun 18, 2026, 9:07 AM EDT. Talk Around Town: The specific claim of '10,000 GitHub repositories distributing trojan malware' from the triggering Hacker News signal comes from a single, unverified researcher blog (orchidfiles.com) and has not been independently confirmed. The broader trend of thousands of malicious GitHub repositories is, however, well-documented by multiple independent security firms. Scale estimates vary widely across campaigns.