Developers building crypto and AI tools are being targeted by a new malware campaign that hides inside software packages they routinely download as part of their work.
Security firm Socket published a report on Sunday revealing the campaign, which it named “TrapDoor.” Socket said it discovered the attack on Friday. By the time of the report, attackers had already pushed more than 34 malicious packages and 384 related versions across multiple developer ecosystems.

The malware is designed to steal sensitive data. Targets include crypto wallet information, SSH keys, cloud credentials, GitHub tokens, browser extension data, and API keys.
Socket’s chief technology officer Ahmad Nassri confirmed the malware goes after several major crypto wallets. Those include Coinbase, Binance, Solana, Sui, Aptos, and MetaMask. The Brave browser is also a target.
One aspect of TrapDoor makes it stand out. The malware injects hidden instructions into AI coding assistants, specifically Claude and Cursor. It tricks these tools into running what appears to be a security scan, which in fact causes the assistant to locate sensitive data and send it out without the developer's knowledge.
The malicious packages were found in three major developer repositories: npm, used by JavaScript and Node.js developers; PyPI, widely used in data science, AI, and automation; and Crates (crates.io), used by Rust developers.
The package names were made to look like normal developer tools. Socket said they were designed to resemble development helpers, project setup tools, model routing utilities, and build helpers for Solidity, Sui, and Move.
This approach gives the campaign access to a wide range of developers who work with crypto wallets, cloud services, and GitHub on a regular basis.
Socket said the attack showed signs of being AI-assisted. The GitHub activity included broad security-themed scaffolding, generic lure repositories, and prompt-injection documentation mixed with working malware components.
GitHub was used to spread the malicious packages. The platform had already reported a separate security incident on May 20, when unauthorized access to its internal repositories was discovered following the compromise of an employee’s device.
Socket noted the median detection time for malicious versions was 5 minutes and 27 seconds. The fastest detection came just 58 seconds after a package was released.
The attack is part of a wider trend of threat actors loading poisoned packages into developer repositories, knowing developers will install them as part of routine workflows, often without close inspection.
Socket has not named any specific individuals or groups behind TrapDoor. The campaign was still active at the time of reporting.
The post TrapDoor Malware Targets Crypto and AI Developers in Supply Chain Attack appeared first on CoinCentral.