TLDR
- Socket security researchers identified a sophisticated malware operation dubbed “TrapDoor” distributing 34 compromised packages through npm, PyPI, and Crates repositories
- The campaign specifically focuses on cryptocurrency, DeFi, artificial intelligence, and security professionals to extract sensitive wallet information, SSH keys, cloud access tokens, and API credentials
- Major cryptocurrency platforms in the crosshairs include Coinbase, Binance, Solana, MetaMask, and the Brave web browser
- A unique feature involves injecting concealed commands that manipulate AI development assistants like Claude and Cursor into executing fraudulent “security audits”
- The distribution platform GitHub experienced its own security breach on May 20 following unauthorized access through a compromised employee workstation
A sophisticated malware operation is actively compromising developers working on cryptocurrency and artificial intelligence applications by embedding malicious code within commonly used software packages.
Socket, a cybersecurity research firm, released findings on Sunday documenting this campaign, which they designated “TrapDoor.” According to their timeline, the threat was initially detected on Friday. Within that short window, threat actors had successfully deployed over 34 contaminated packages along with 384 associated versions throughout various development platforms.
TrapDoor’s Operational Capabilities
The malicious software functions primarily as an information stealer. Its collection targets encompass cryptocurrency wallet credentials, SSH authentication keys, cloud platform access tokens, GitHub authentication credentials, browser extension information, and application programming interface keys.
Ahmad Nassri, serving as Socket’s chief technology officer, verified that the malware specifically pursues numerous prominent cryptocurrency wallet platforms. The targeted list encompasses Coinbase, Binance, Solana, Sui, Aptos, and MetaMask. Additionally, the Brave web browser falls within the attack scope.
A particularly innovative component distinguishes TrapDoor from typical malware. The attack vector incorporates concealed directives into artificial intelligence development assistants, particularly targeting Claude and Cursor. These injected commands deceive the AI tools into executing what masquerades as a legitimate security verification process, subsequently causing the assistant to locate and exfiltrate confidential information without alerting the developer.
The compromised packages infiltrated three prominent developer package repositories. These platforms include npm, the standard repository for JavaScript and Node.js development communities; PyPI, extensively utilized throughout data science, machine learning, and automation projects; and Crates, the primary distribution channel for Rust programming language developers.
Attack Methodology and Distribution
The threat actors crafted package identifiers to mimic legitimate development resources. Socket’s analysis revealed deliberate design choices meant to replicate authentic development utilities, project initialization frameworks, model routing libraries, and compilation tools for Solidity, Sui, and Move programming languages.
This strategic approach provides the attackers with extensive access to development professionals who regularly interact with cryptocurrency wallet systems, cloud infrastructure platforms, and GitHub repositories as part of standard workflows.
Socket’s investigation uncovered indicators suggesting artificial intelligence assistance in the campaign’s development. The GitHub activity patterns displayed extensive security-focused infrastructure, generic decoy repositories, and prompt-injection reference materials integrated alongside functional malicious components.
GitHub served as a primary distribution mechanism for the contaminated packages. Notably, the platform had previously disclosed a distinct security compromise on May 20, involving unauthorized penetration of internal repositories following the breach of an employee’s computing device.
Socket documented that the median time to detection for malicious package versions stood at 5 minutes and 27 seconds. The most rapid identification occurred merely 58 seconds following a package’s publication.
This offensive represents a continuation of an expanding pattern where malicious actors inject compromised packages into developer repositories, capitalizing on the knowledge that developers frequently install dependencies as routine practice, typically without rigorous examination.
Socket has refrained from attributing TrapDoor to any particular individuals or organized groups. At the time of their disclosure, the campaign remained operationally active.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
