GitHub Actions Compromised: Malicious Commits Steal CI/CD Credentials
In a recent software supply chain attack, threat actors have compromised the widely-used GitHub Actions workflow, `actions-cool/issues-helper`, embedding malicious code designed to harvest sensitive credentials from Continuous Integration and Continuous Deployment (CI/CD) pipelines. This breach underscores the escalating risks associated with software supply chain vulnerabilities.
The Nature of the Attack
Security researcher Varun Sharma from StepSecurity revealed that every existing tag in the `actions-cool/issues-helper` repository was altered to point to an imposter commit. This commit, absent from the action’s standard commit history, contains code that exfiltrates credentials from CI/CD pipelines utilizing the action.
An imposter commit is a deceptive tactic where malicious code is injected into a project by referencing a commit or tag that exists solely in an adversary-controlled fork, rather than the original trusted repository. This method allows attackers to bypass standard Pull Request (PR) reviews, facilitating arbitrary code execution.
Mechanism of the Malicious Code
Upon execution within a GitHub Actions runner, the imposter commit performs several actions:
– Downloads the Bun JavaScript runtime to the runner.
– Reads memory from the Runner.Worker process to extract credentials.
– Makes an outbound HTTPS call to an attacker-controlled domain (`t.m-kosche[.]com`) to transmit the stolen data.
StepSecurity also identified that 15 tags associated with another GitHub action, `actions-cool/maintain-one-comment`, were compromised with similar malicious functionality.
GitHub’s Response and Repository Status
In response to the breach, GitHub disabled access to the affected repository, citing a violation of GitHub’s terms of service. The specific reasons leading to this decision remain undisclosed.
Connections to Other Malicious Campaigns
Notably, the exfiltration domain `t.m-kosche[.]com` has been observed in the recent Mini Shai-Hulud campaign targeting npm packages from the `@antv` ecosystem. This overlap suggests a potential link between the two malicious activities.
Philipp Burckhardt, head of threat intelligence at Socket, indicated that the `@antv` npm compromise is likely connected to the `actions-cool` hack, citing the shared exfiltration domain. He emphasized the strong overlap, leading to the treatment of these incidents as related.
Implications for CI/CD Pipelines
The alteration of every tag to resolve to malicious commits means that any workflow referencing the action by version will pull the malicious code upon its next run. Only workflows pinned to a known-good full commit SHA remain unaffected.
Broader Context of Supply Chain Attacks
This incident is part of a series of recent supply chain attacks targeting GitHub Actions and related tools:
– Coinbase Targeted in GitHub Actions Supply Chain Attack: In March 2025, the `tj-actions/changed-files` GitHub Action was compromised, initially targeting Coinbase’s open-source projects. The attack evolved to expose CI/CD secrets across 218 repositories, including credentials for DockerHub, npm, AWS, and GitHub install access tokens. The breach was traced back to the theft of a personal access token (PAT) related to SpotBugs, highlighting the cascading nature of supply chain vulnerabilities.
– Trivy Security Scanner Breach: In March 2026, the `aquasecurity/trivy-action` and `aquasecurity/setup-trivy` GitHub Actions were compromised. Attackers force-pushed 75 out of 76 version tags to serve a malicious payload, turning trusted version references into a distribution mechanism for an infostealer.
– Checkmarx GitHub Actions Compromised: In March 2026, two GitHub Actions workflows maintained by Checkmarx were compromised by a threat actor known as TeamPCP. The attackers used stolen credentials from previous breaches to poison additional actions in affected repositories, demonstrating the interconnected risks within the software supply chain.
– Bitwarden CLI Compromise: In April 2026, the Bitwarden CLI was compromised as part of an ongoing Checkmarx supply chain campaign. The malicious code was published in the `bw1.js` file, leveraging a compromised GitHub Action in Bitwarden’s CI/CD pipeline to steal GitHub/npm tokens, SSH keys, environment variables, shell history, and cloud secrets.
Recommendations for Developers
Given the increasing frequency and sophistication of supply chain attacks, developers and organizations are urged to:
– Pin Dependencies to Specific Commits: Reference actions and dependencies by their full commit SHA to ensure the integrity of the code being executed.
– Regularly Audit CI/CD Pipelines: Conduct thorough reviews of CI/CD workflows and dependencies to identify and mitigate potential vulnerabilities.
– Monitor for Unusual Activity: Implement monitoring mechanisms to detect unauthorized changes or suspicious activities within repositories and CI/CD pipelines.
– Limit Access and Permissions: Restrict access and permissions to the minimum necessary for users and tokens to reduce the risk of credential theft and misuse.
By adopting these practices, organizations can enhance the security of their software supply chains and mitigate the risks associated with such attacks.
