A new and highly deceptive cyberattack campaign is actively targeting open-source repositories on GitHub by disguising malicious code as routine CI (continuous integration) updates. This campaign, known as prt-scan, exploits a commonly misused GitHub Actions workflow trigger to steal sensitive credentials, tokens, and cloud secrets from unsuspecting developers.
Initially, the attack surfaced on March 11, 2026, when a threat actor operating under the account “testedbefore” began submitting malicious pull requests (PRs) to smaller repositories. Over time, the attacker rotated through six different GitHub accounts and launched more than 500 fraudulent PRs. Notably, each PR carried a harmless-looking title — “ci: update build configuration” — which helped the malicious code blend seamlessly into normal development workflows.
However, the campaign escalated significantly on April 2, 2026, when security researcher Charlie Eriksen publicly exposed the activity. Around that date, a single account, ezmtebo, submitted over 475 malicious PRs in just 26 hours. Meanwhile, analysts from Wiz Research traced the campaign back several weeks, identifying six coordinated waves of attacks.
Further investigation by researchers Rami McCarthy, Hila Ramati, Scott Piper, and Benjamin Read revealed that the attackers successfully compromised at least two npm packages—@codfish/eslint-config and @codfish/actions—affecting 106 package versions. Additionally, they confirmed the theft of AWS keys, Cloudflare API tokens, and Netlify authentication credentials. Fortunately, major platforms like Sentry, OpenSearch, and NixOS prevented breaches by enforcing strict contributor approval policies.
What makes this campaign particularly concerning is its use of AI-driven automation. The attacker's tools automatically fork repositories, analyze their technology stacks, and inject malicious payloads tailored to specific programming environments. For example, the attack targets Go test files in Go projects, modifies conftest.py in Python repositories, and alters package.json scripts in Node.js environments: files that the base repository's own CI executes, so the payload runs without the attacker having to change the workflow definition at all. As a result, even attackers with limited technical expertise can execute sophisticated supply chain attacks at scale.
How the Attack Works
The campaign abuses the pull_request_target trigger in GitHub Actions. Unlike the standard pull_request trigger, which runs fork PRs with a read-only token and no access to repository secrets, pull_request_target runs the workflow definition from the base branch with the base repository's secrets and a GITHUB_TOKEN carrying the repository's normal permissions, even when the PR originates from an untrusted fork. That is safe only as long as the workflow never executes code from the PR. A workflow that checks out the PR head (for example, actions/checkout with ref set to the PR's head SHA) and then runs a build, test, or dependency-install step hands those secrets to whatever the PR author placed in the repository, which is exactly what prt-scan's modified test files and package.json scripts exploit.
Once a vulnerable workflow runs the attacker's code, the attack unfolds in multiple stages. First, it extracts the GITHUB_TOKEN from configuration files left on the runner (actions/checkout persists the token in .git/config unless persist-credentials is set to false) and encodes it for later retrieval. Next, it uses the stolen token to enumerate what the repository and its workflows expose, and probes the runner for cloud credentials, including the instance metadata services that hand out AWS, Azure, and Google Cloud credentials. Additionally, a background process continuously scans for sensitive data and posts it into PR comments, so the exfiltrated material survives even if the workflow logs are later cleared.
Mitigation and Recommendations
To reduce risk, organizations should immediately audit repositories for suspicious indicators such as PRs titled "ci: update build configuration" or branches matching prt-scan patterns, and review every workflow that uses pull_request_target for steps that check out and execute PR code. Furthermore, administrators should remove pull_request_target from workflows that run untrusted code (the plain pull_request trigger is safe for fork PRs because it gets no secrets), disable credential persistence on checkout steps, and enforce strict review and approval workflows for outside contributors.
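The following is an added example, not code from the article or from any of the researchers or projects it names. It shows the risky workflow shape described above beside a hardened one, and a small audit script that flags the combination of a pull_request_target trigger with a checkout of the untrusted PR head followed by a run step. Both workflow texts are constructed samples; the regex-based checks are a heuristic (they do not parse YAML) and the function and file names are this example's own.

```python
"""Audit GitHub Actions workflows for the pull_request_target "pwn request" shape.

Added example: flags workflows that run with base-repository secrets
(pull_request_target) and also check out and execute code from the PR head.
"""
import re
import sys
from pathlib import Path

# Constructed sample: the dangerous shape. The workflow definition comes from
# the base branch, but the checkout fetches the fork's code, so `npm ci` runs
# attacker-controlled package.json scripts with NPM_TOKEN in the environment.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# Constructed sample: hardened shape. Plain pull_request gives fork PRs a
# read-only token and no secrets, and the token is not left in .git/config.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: npm ci && npm test
"""

TRIGGER_RE = re.compile(r"\bpull_request_target\b")
CHECKOUT_RE = re.compile(r"uses:\s*actions/checkout")
# Expressions that point the checkout at the untrusted PR head.
HEAD_REF_RE = re.compile(
    r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref"
)
PERSIST_OFF_RE = re.compile(r"persist-credentials:\s*false")
RUN_STEP_RE = re.compile(r"^\s*-?\s*run:", re.M)


def strip_comments(text: str) -> str:
    """Drop full-line YAML comments so a commented-out trigger is not flagged."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))


def audit_workflow(text: str) -> list[str]:
    """Return human-readable findings for one workflow file (empty = no issue)."""
    text = strip_comments(text)
    findings: list[str] = []
    if not TRIGGER_RE.search(text):
        return findings  # plain pull_request: fork PRs get no secrets
    findings.append("uses pull_request_target (base-repo secrets available to fork PRs)")
    checkout = CHECKOUT_RE.search(text)
    if checkout and HEAD_REF_RE.search(text):
        findings.append("checks out the untrusted PR head under pull_request_target")
        # A run step after the checkout executes whatever the PR author committed.
        if RUN_STEP_RE.search(text[checkout.end():]):
            findings.append("runs commands after checking out PR code (attacker code runs with secrets)")
        if not PERSIST_OFF_RE.search(text):
            findings.append("checkout persists GITHUB_TOKEN in .git/config (persist-credentials not disabled)")
    return findings


def is_risky(text: str) -> bool:
    """True when PR-controlled code is checked out under pull_request_target."""
    return any("checks out the untrusted PR head" in f for f in audit_workflow(text))


def audit_tree(root: str) -> dict[str, list[str]]:
    """Audit every workflow file under <root>/.github/workflows."""
    results: dict[str, list[str]] = {}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        findings = audit_workflow(path.read_text(encoding="utf-8"))
        if findings:
            results[str(path)] = findings
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = audit_tree(sys.argv[1])  # usage: python audit_prt.py /path/to/repo
    else:
        results = {"sample-vulnerable.yml": audit_workflow(VULNERABLE_WORKFLOW),
                   "sample-hardened.yml": audit_workflow(HARDENED_WORKFLOW)}
    for name, findings in results.items():
        print(name, "->", "RISKY" if findings else "ok")
        for finding in findings:
            print("  -", finding)
```

Run it with a repository path to walk that repository's workflow files, or with no arguments to audit the two embedded samples. A finding of "uses pull_request_target" alone is informational; the combination with a head checkout and a subsequent run step is the condition that gives a fork PR the base repository's secrets.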
Equally important, teams should treat every secret that was available to an affected workflow as compromised and rotate it, including API keys, npm and cloud tokens, and the deploy credentials of any downstream service. By adopting stricter security controls and monitoring workflows closely, organizations can effectively defend against such evolving supply chain threats.