Key Highlights
- Socket security researchers identified a sophisticated malware operation dubbed “TrapDoor” that distributed 34 malicious packages through npm, PyPI, and Crates repositories
- The campaign specifically targets developers working on cryptocurrency, DeFi, artificial intelligence, and cybersecurity projects to extract wallet information, SSH keys, cloud access tokens, and API credentials
- TrapDoor specifically compromises prominent cryptocurrency wallets such as Coinbase, Binance, Solana, MetaMask, and Brave browser extensions
- The malware employs sophisticated techniques to manipulate AI-powered coding tools like Claude and Cursor by inserting concealed commands that execute fraudulent “security scans”
- The distribution platform GitHub experienced its own security breach on May 20 when unauthorized actors gained access following the compromise of an employee’s workstation
A sophisticated malware operation is actively targeting software developers who build cryptocurrency and artificial intelligence applications by embedding malicious code within software packages commonly downloaded during routine development activities.
On Sunday, cybersecurity company Socket released detailed findings about this campaign, which they designated as “TrapDoor.” The research team initially detected the malicious activity on Friday. Within that brief timeframe, threat actors had successfully deployed over 34 compromised packages along with 384 associated versions throughout various developer platforms.
TrapDoor’s Core Functionality
The primary objective of this malware is extracting confidential information from infected systems. The stolen data encompasses cryptocurrency wallet credentials, SSH authentication keys, cloud platform access tokens, GitHub authentication credentials, browser extension information, and various API authentication keys.
Ahmad Nassri, who serves as Socket’s chief technology officer, verified that the malware specifically pursues numerous prominent cryptocurrency wallet platforms. The targeted wallets include Coinbase, Binance, Solana, Sui, Aptos, and MetaMask. Additionally, the Brave web browser has been identified as a priority target.
A particularly notable characteristic distinguishes TrapDoor from conventional malware. The threat injects concealed directives into artificial intelligence-powered coding assistants, particularly targeting Claude and Cursor. These injections deceive the AI tools into executing what masquerades as a legitimate security verification process, which subsequently causes the assistant to locate and exfiltrate confidential information without alerting the developer.
The compromised packages appeared across three primary developer repository platforms. These include npm, the standard package manager for JavaScript and Node.js programmers; PyPI, extensively utilized within data science, artificial intelligence, and automation communities; and Crates, the package registry for Rust programming language developers.
Attack Methodology
The malicious package naming conventions were carefully crafted to mimic legitimate development utilities. Socket’s analysis revealed the packages were deliberately designed to appear as authentic development assistance tools, project initialization utilities, model routing frameworks, and compilation helpers for Solidity, Sui, and Move smart contract languages.
This strategic naming approach provides the campaign with extensive reach across developer communities regularly interacting with cryptocurrency wallets, cloud infrastructure platforms, and GitHub repositories.
Socket’s investigation uncovered indicators suggesting artificial intelligence assistance in the attack’s construction. The GitHub repositories associated with the campaign contained extensive security-focused framework structures, generic decoy repositories, and prompt-injection documentation integrated alongside functional malware components.
The malicious packages were primarily distributed through GitHub infrastructure. Notably, the platform had previously disclosed a distinct security incident occurring on May 20, during which unauthorized parties accessed internal repositories after successfully compromising an employee’s computing device.
Socket reported that the median time to detect malicious package versions stood at 5 minutes and 27 seconds. The most rapid detection occurred merely 58 seconds following a package’s publication.
This attack represents a continuation of an expanding pattern where malicious actors introduce contaminated packages into developer repositories, exploiting the reality that developers frequently install these packages as standard workflow components, typically without thorough scrutiny.
Socket has refrained from attributing TrapDoor to any particular individuals or organized threat groups. The campaign remained operationally active at the time their report was published.
