By rssfeeds-admin New TrapDoor supply chain campaign, an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wallets.
The operation explicitly targets developers in the crypto, DeFi, Solana, and AI communities by disguising malware as generic developer tools and security scanners.
The campaign’s earliest observed component was the PyPI package eth-security-auditor@0.1.0, published on May 22, 2026, before expanding rapidly into other repositories. Packages were uploaded in distinct waves across all three registries, utilizing deceptive names like prompt-engineering-toolkit, solidity-deploy-guard, and defi-threat-scanner to heavily feign legitimacy within adjacent developer communities.
Socket’s detected these TrapDoor releases with a median detection time of 5 minutes and 27 seconds, effectively classifying the entire campaign as malicious before widespread adoption could occur.
Cross Ecosystem Attack Vectors
The TrapDoor campaign utilizes distinct, ecosystem-specific execution paths to maximize its reach during standard developer installation and build workflows. By tailoring the attack vector to the specific package registry, the threat actor ensures silent execution occurs before developers can properly inspect the underlying dependencies.
| Registry Target | Execution Method | Notable Payload Behavior | Encryption and Exfiltration |
|---|---|---|---|
| npm | Postinstall hooks. | Deploys a shared trap-core.js payload for persistent credential harvesting. | Uses Fernet and ECDH encryption while validating credentials via API. |
| PyPI | Auto-execute on import. | Downloads a remote JavaScript payload from GitHub Pages via node -e. | Externally hosted payload allows dynamic behavioral updates without new releases. |
| Crates.io | Rust build.rs scripts. | Actively searches for and targets local Sui and Move developer keystores. | Employs XOR encryption utilizing the hardcoded key cargo-build-helper-2026 . |
TrapDoor attempts to harvest an extensive array of developer data, specifically targeting Sui, Solana, and Aptos crypto wallets, alongside SSH keys, browser profiles, and AWS environment variables.
The 1,149-line shared npm payload, trap-core.js, actively ensures long-term access by establishing complex persistence through systemd services, cron jobs, Git hooks, and shell hooks.
Furthermore, stolen SSH keys are subsequently repurposed to execute automated lateral movement, effectively transforming single compromised workstations into persistent gateways for broader corporate network breaches.
A defining characteristic of TrapDoor is its deliberate targeting of AI coding assistants via modified .cursorrules and CLAUDE.md project files.
The threat actor utilizes zero-width Unicode characters to obscure malicious prompts, tricking the AI into performing hostile credential exfiltration under the guise of executing an automated project security scan, Socket said.
To scale this specific attack vector, the attacker used the GitHub account ddjidd564 to submit deceptive pull requests containing these poisoned configuration files to prominent open-source AI projects like LangChain, MetaGPT, and OpenHands.
The attacker maintains a sophisticated command and control architecture on GitHub Pages, hosting active malicious configuration files alongside a detailed AUDIT-MATRIX.md framework design document.
This operational playbook describes a “Universal AI Agent Extraction Framework” that strategically relies on a disguise layer to map stealthy credential theft to seemingly benign developer automation workflows.
To maximize the value of exfiltrated data, the payloads actively validate stolen AWS and GitHub tokens via live API queries while utilizing advanced cryptography across the different ecosystems to evade standard network detection.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.