GitHub Closed Reports on Forgable Commit Metadata Now Powering Shai-Hulud Worm Variants

Deep Specter Research submitted the reports after tracing over 3,000 compromised repositories and 200 developer accounts. The first report flagged Git's client-supplied timestamps that let the worm backdate payloads to appear years old; the second flagged arbitrary author metadata displayed without verification. Both were closed as ineligible, with GitHub citing git design and existing GPG/SSH signing options that most victims had not enabled. GitHub's Events API records the true pusher but hides it from reviewers after 90 days.

Public data shows 1,729 credential-storing repositories and 151 active payloads remained live as of mid-June. The worm originated with TeamPCP in May and spawned copycats hitting the European Commission, Mercor, LiteLLM and Red Hat. GitHub's code search misses the worm's 4.6 MB obfuscated file due to size limits, leaving manual review as the only detection path.

This pattern repeats earlier supply-chain failures where platform defaults favor usability over verifiable history. Refusing to surface immutable pusher data or treat metadata abuse as in-scope leaves downstream maintainers exposed. Similar design choices appear in other forges that treat git objects as trusted by default.

Without changes to commit display defaults, variants will continue propagating through unmaintained packages. Expect renewed campaigns once current detections age out.