TrapDoor Supply Chain Attack Targets Crypto and AI Developers Across npm, PyPI, and Crates.io

A newly discovered crypto malware campaign is targeting developers who are most likely to store cryptocurrency wallet keys, cloud credentials, and production access on their workstations. Security researchers at Socket have uncovered a large-scale supply chain attack known as TrapDoor, which spread through major open-source software repositories including npm, PyPI, and Crates.io.

According to Socket, the campaign involved more than 34 malicious packages and hundreds of related versions designed to compromise developer environments. Unlike traditional cyberattacks aimed at general users, this operation specifically focused on software developers working in the cryptocurrency, blockchain, and artificial intelligence sectors.

The malicious packages were disguised as legitimate development tools, security scanners, wallet utilities, Solidity development helpers, AI-related packages, and Sui or Move programming resources. Examples included names such as "wallet-security-checker," "defi-risk-scanner," "solidity-build-guard," "move-compiler-tools," and "llm-context-compressor." Their generic appearance made them look like ordinary tools that developers might install without suspicion.

Once installed, the malware searched infected systems for sensitive information, including private keys, passwords, GitHub access tokens, cloud credentials, and browser-stored data. The packages also attempted to validate stolen credentials, use SSH keys to gain access to additional systems, and establish persistence mechanisms to maintain long-term access.

One of the campaign’s most concerning features involved targeting AI-assisted coding environments. Researchers found that attackers manipulated files such as .cursorrules and claude.md, which provide instructions to AI coding assistants. By inserting hidden commands through zero-width Unicode characters, the malware attempted to influence future AI sessions into performing fake security scans that secretly collected and transmitted sensitive information.

The attack methods varied by platform. Malicious npm packages used post-install scripts, PyPI packages executed remote JavaScript during import, and Rust packages leveraged harmful build.rs scripts during compilation, particularly targeting Sui and Move developers.

Socket reported the malicious packages to affected repositories and classified them as harmful. The company also warned that attackers submitted pull requests to open-source projects, attempting to introduce compromised AI instruction files through seemingly legitimate contributions. The incident highlights the growing threat of software supply chain attacks and reinforces the need for developers to carefully verify open-source dependencies before installation.