Key Points
- Socket security researchers identified a sophisticated malware operation dubbed “TrapDoor” that distributed 34 compromised packages through npm, PyPI, and Crates repositories
- The campaign specifically targets developers working on cryptocurrency, decentralized finance, artificial intelligence, and cybersecurity projects to extract wallet information, SSH credentials, cloud access tokens, and API authentication keys
- Affected cryptocurrency wallets include major platforms such as Coinbase, Binance, Solana, MetaMask, and the Brave browser
- The malicious code embeds covert commands that manipulate AI development assistants like Claude and Cursor, deceiving them into executing fraudulent “security audits”
- The attack leveraged GitHub for distribution, notably occurring after GitHub experienced its own security breach on May 20 when a staff member’s computer was compromised
A sophisticated malware operation is actively compromising developers who create cryptocurrency and artificial intelligence applications by embedding malicious code within software packages commonly integrated into development workflows.
On Sunday, cybersecurity company Socket released detailed findings about this campaign, designated “TrapDoor.” Socket’s team initially detected the threat on Friday. Within that brief window, adversaries had successfully distributed over 34 contaminated packages along with 384 associated versions throughout various development platforms.
TrapDoor’s Capabilities and Targets
The malicious software operates by extracting confidential information from infected systems. Its primary objectives include capturing cryptocurrency wallet credentials, SSH authentication keys, cloud service access tokens, GitHub authorization tokens, browser extension information, and API authentication credentials.
Ahmad Nassri, Socket’s chief technology officer, verified that the malware specifically pursues numerous prominent cryptocurrency wallet platforms. These targeted services encompass Coinbase, Binance, Solana, Sui, Aptos, and MetaMask. Additionally, the Brave web browser falls within the attack’s scope.
A particularly noteworthy characteristic distinguishes TrapDoor from conventional threats. The malicious code inserts concealed directives into AI-powered development assistants, particularly targeting Claude and Cursor. These instructions deceive the AI tools into executing what appears to be legitimate security verification procedures, which subsequently extract and transmit confidential information without alerting the developer.
The compromised packages appeared across three primary developer platforms. These include npm, utilized by JavaScript and Node.js programmers; PyPI, extensively adopted within data science, artificial intelligence, and automation communities; and Crates, serving Rust programming language developers.
Attack Methodology and Distribution
The adversaries crafted package identifiers to mimic legitimate development resources. According to Socket’s analysis, these packages impersonated standard development utilities, project initialization frameworks, model routing libraries, and compilation assistants for Solidity, Sui, and Move programming languages.
This strategic approach enables the campaign to reach numerous developers who regularly interact with cryptocurrency wallets, cloud infrastructure, and GitHub repositories throughout their daily operations.
Socket’s investigation revealed indicators suggesting artificial intelligence assistance in the attack’s execution. The GitHub activity patterns displayed extensive security-oriented framework structures, generic decoy repositories, and prompt-injection documentation interwoven with functional malicious components.
The campaign utilized GitHub as its primary distribution mechanism. Coincidentally, the platform had previously disclosed an unrelated security compromise on May 20, involving unauthorized entry to internal repositories following the infiltration of an employee’s workstation.
Socket’s monitoring systems recorded a median identification interval of 5 minutes and 27 seconds for detecting malicious package versions. The most rapid detection occurred merely 58 seconds following a package’s publication.
This operation represents a broader pattern of cybercriminals injecting compromised packages into developer repositories, exploiting the common practice of developers installing dependencies during standard workflows, frequently without thorough examination.
Socket has not attributed TrapDoor to any particular individuals or organized threat groups. The campaign remained operationally active when Socket published its findings.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
