A sophisticated supply chain attack dubbed “TrapDoor” is actively compromising developers across npm, PyPI, and Crates.io, according to new research from Socket and collaborating security firms. First detected around May 22, the campaign has so far infected more than 34 malicious packages spanning roughly 384 versions, each carefully disguised as legitimate developer tools—ranging from security scanners and Solidity helpers to AI utilities and build tools for emerging blockchains like Sui and Move.
What makes TrapDoor particularly insidious is its multi-vector execution strategy. Rather than relying on a single infection method, the malware leverages postinstall hooks in npm, import-time scripts in Python packages, and Rust build.rs procedures to silently exfiltrate sensitive data once a package is integrated into a project. Once activated, the malware hunts for high-value credentials: wallet keystores, SSH private keys, GitHub personal access tokens, AWS access keys, browser session data, and environment variables. Perhaps most alarmingly, researchers observed that TrapDoor even attempts to manipulate AI coding assistants like Claude and Cursor by injecting hidden prompt files, potentially steering automated code generation toward insecure or malicious outputs.
While registry maintainers have removed many of the identified packages, security teams emphasize that the campaign remains active and evolving. The attackers’ choice of packaging—mimicking tools that developers actively seek for Web3, AI, and cloud infrastructure work—suggests a deep understanding of current development trends and a deliberate strategy to exploit trust in open-source ecosystems. The cross-registry nature of the attack further underscores how threat actors are adopting a “spray and pray” approach across language ecosystems to maximize their chances of compromise.
For development teams, the immediate priority is proactive hygiene. Audit recently added dependencies across npm, PyPI, and Crates.io, especially those related to security tooling, blockchain development, or AI integration. Rotate all exposed credentials—including wallet keys, cloud API tokens, and SSH keys—as a precautionary measure, even if no breach is confirmed. Finally, maintain close monitoring of advisories from Socket, registry security teams, and trusted threat intelligence sources as the investigation into TrapDoor continues to unfold. In an era where software supply chains are both foundational and fragile, vigilance isn’t optional—it’s existential.
Source:: TrapDoor Malware Sneaks Into npm, PyPI, and Crates.io to Steal Developer Secrets