A recent cyber attack has compromised 34 packages within npm, PyPI, and Crates.io, deploying numerous malicious versions in a bid to steal developer credentials and cryptocurrency wallets. This new threat, known as the TrapDoor supply chain campaign, is particularly targeting developers involved in cryptocurrency, DeFi, Solana, and artificial intelligence.
Targeted Developer Communities
The TrapDoor campaign strategically infiltrates by masquerading as legitimate developer tools and security scanners. The attack began with the PyPI package [email protected] released on May 22, 2026, and has since expanded across various repositories. Deceptive package names like prompt-engineering-toolkit and defi-threat-scanner have been used to penetrate developer communities.
Socket’s security systems detected these malicious releases with a median detection time of 5 minutes and 27 seconds, enabling the classification of the entire campaign as harmful before it could gain significant traction.
Cross-Ecosystem Attack Strategies
The TrapDoor campaign employs ecosystem-specific methods to maximize its reach during typical developer workflows. Different execution paths are tailored for each package registry, ensuring the malware executes silently before thorough inspection by developers. For npm, postinstall hooks are utilized, while PyPI packages execute automatically upon import. Crates.io scripts target local Sui and Move developer keystores.
Extensive data harvesting is a core component of this attack, focusing on crypto wallets, SSH keys, and AWS environment variables. The npm payload, trap-core.js, establishes persistent access through systemd services, cron jobs, and other methods.
AI and Broader Implications
TrapDoor’s sophistication extends to targeting AI coding assistants. Modified project files trick AI systems into executing malicious credential exfiltration. These attacks have been propagated through deceptive pull requests to popular open-source AI projects.
The campaign’s command and control infrastructure on GitHub Pages supports its operations, utilizing advanced cryptography to evade standard network detections. This framework aims to validate stolen AWS and GitHub tokens via live API queries, enhancing the value of the exfiltrated data.
As this attack continues to unfold, it highlights the critical need for developers to remain vigilant and employ robust security measures to protect their environments from such evolving threats.
