registry  /  @tiledesk/tiledesk-server  /  2.18.9

@tiledesk/tiledesk-server@2.18.9

OSV Malicious Advisory

scanned 15d ago · by OpenSSF/OSV

OpenSSF/OSV advisory MAL-2026-4228 confirms this npm version as malicious. `@tiledesk/tiledesk-server` version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the **megalodon** campaign — a mass GitHub repository backdooring operation targeting CI/CD runner environments.

Advisory
MAL-2026-4228
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in @tiledesk/tiledesk-server (npm)
Details
`@tiledesk/tiledesk-server` version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the **megalodon** campaign — a mass GitHub repository backdooring operation targeting CI/CD runner environments. **Attack vector:** The malicious payload is embedded in `.github/workflows/docker-community-worker-push-latest.yml` within the npm tarball, in a step named "Optimize-Build". The step decodes and executes a base64-encoded shell script (`set +e; echo "<base64>" | base64 -d | bash`). **What it does:** The decoded script is a multi-stage CI credential harvester: - Dumps all environment variables via `printenv` and scrapes `/proc/self/environ` and `/proc/[0-9]*/environ`, capturing secrets from every process on the runner - Exfiltrates credential files: `~/.aws/credentials`, `~/.ssh/`, `~/.docker/config.json`, `~/.npmrc`, `~/.kube/config`, `~/.vault-token`, `.git-credentials`, GCP Application Default Credentials, and Terraform credentials - Enumerates AWS profiles to extract access keys, secret keys, and session tokens; runs `gcloud auth print-access-token` for GCP - Queries cloud IMDS endpoints (`169.254.169.254`, `metadata.google.internal`) for instance credentials - Steals `ACTIONS_ID_TOKEN_REQUEST_TOKEN` to mint arbitrary OIDC tokens for cloud impersonation - Scans `/var/www`, `/opt`, `/srv` for certificate files (`.pem`, `.key`, `.p12`, `.pfx`) and runs regex-based secret scanning for 30+ patterns including AWS AKIA keys, GitHub PATs, npm tokens, PyPI tokens, private keys, and database connection strings **C2 infrastructure:** All stolen data is exfiltrated via HTTP POST to `http://216.126.225.129:8443` with query parameters `?h=megalodon&l=gh_dump&id=hefs8esnhgkx`. **Trigger:** Execution occurs during GitHub Actions Docker build workflows. Any CI pipeline that included this package version in a Docker build would have had its entire runner secrets environment exfiltrated at build time. --- ## Source: ghsa-malware (2a1ee4a2f73000abfb87afaa9a4f7a8519b82f279b294c71f9c3b688624d92be) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer may have been given to an outside entity, there is no guarantee that removing the package will remove all malicious software resulting from installing it.
Decision reason
OpenSSF Malicious Packages via OSV confirms @tiledesk/tiledesk-server@2.18.9 as malicious (MAL-2026-4228): Malicious code in @tiledesk/tiledesk-server (npm)

Source & flagged code

0 flagged
No flagged code excerpts are attached to this scan.

Findings

1 High
HighOsv Malicious Advisory