A sophisticated software supply chain attack known as TrapDoor has been identified across npm, PyPI, and Crates.io, aiming to distribute malware that steals credentials. This attack is notable for its broad reach, affecting over 34 malicious packages and more than 384 versions. The campaign first surfaced on May 22, 2026, with packages rapidly published from multiple accounts.
Targeted Developer Communities
TrapDoor specifically targets developers involved in cryptocurrency, decentralized finance (DeFi), Solana, and artificial intelligence (AI) sectors. According to the cybersecurity firm Socket, these malicious packages are crafted to extract developer secrets, such as crypto wallets, SSH keys, cloud credentials, and browser data. This highlights a growing trend of attacks aimed at exploiting high-value digital targets.
Among the npm packages, a common payload known as trap-core.js is deployed. This script is responsible for scanning and validating credentials, facilitating SSH-based lateral movement, and establishing persistence through various means including systemd and cron jobs. Such sophisticated techniques enable the malware to maintain a foothold on compromised systems.
Malware Distribution Techniques
The TrapDoor campaign is distinct for its use of diverse distribution methods. Attackers leverage postinstall hooks, remote JavaScript payloads, and malicious build.rs scripts to infiltrate systems, particularly targeting Sui and Move developers. By masquerading as legitimate tools, these packages can deceive unsuspecting users and gain widespread distribution.
The Rust crates employed in the attack seek out local keystores, encrypt data using a hardcoded XOR key, and exfiltrate the information to GitHub Gists. Similarly, Python packages are designed to auto-execute upon import, downloading JavaScript from attacker-controlled domains. This strategy allows attackers to update the payload remotely, enhancing their operational flexibility.
Implications for Developer Workflows
An unusual tactic observed in this campaign involves embedding hidden instructions within files such as .cursorrules and CLAUDE.md. These are intended to deceive AI assistants into conducting unauthorized security scans, inadvertently leading to secret exfiltration. By opening GitHub pull requests in popular AI and developer projects, the attackers test the viability of introducing malicious files through standard contribution processes.
The TrapDoor campaign exemplifies the evolving threat landscape, where attackers increasingly target developer workflows to gain access to sensitive information. By exploiting ecosystem-specific execution paths, such as build.rs in Rust, postinstall hooks in npm, and import-time execution in Python, attackers are able to tailor their strategies to specific development environments and maximize their impact.
This attack underscores the need for heightened vigilance and robust security practices among developers, particularly those working in high-stakes sectors like cryptocurrency and AI. As attackers grow more sophisticated, protecting developer environments becomes critical to safeguarding sensitive data and maintaining secure software supply chains.
