TL;DR:
- Socket reported discovering TrapDoor Friday and detailed it Sunday, saying the campaign deployed more than 34 malicious packages and 384 related versions.
- The malware targets crypto, DeFi, AI and security developers through npm, PyPI and Crates, stealing wallet data, SSH keys, cloud credentials, GitHub tokens and API keys.
- Its prompt-injection angle tries to hijack Claude and Cursor into running workflows that discover and exfiltrate secrets and credentials from developer environments.
Socket Security’s TrapDoor findings describe a developer-supply-chain threat aimed squarely at crypto’s build layer, not ordinary end users. The campaign was discovered Friday and reported Sunday, with more than 34 malicious packages and 384 related versions pushed across several ecosystems as attackers repeatedly shipped new releases. Its targets include crypto, decentralized finance, AI and security developers, a mix that makes the campaign feel unusually tailored to today’s coding stack. The attack is striking because it hunts where private keys and automation meet, inside the tools builders trust while working quickly.
TrapDoor Turns Developer Convenience Into Attack Surface
The malware’s reach runs through familiar package channels, including npm for JavaScript and Node.js, PyPI for Python, and Crates for Rust. Package names were crafted to resemble development helpers, project setup utilities, model routing tools, prompt engineering packages, Solidity tooling and Sui or Move build helpers. That camouflage matters because developers often install dependencies as routine infrastructure, not as high-risk binaries. TrapDoor hides inside the normal rhythm of software work, making the campaign less like a phishing page and more like a poisoned shortcut embedded in daily engineering habits.
The payload is designed for broad credential theft. Socket said the malware targets wallet data, SSH keys, cloud credentials, GitHub tokens, browser extension data and API keys. Named targets include Coinbase, Binance, Solana, Sui, Aptos, MetaMask and the Brave browser, showing how the campaign spans both wallet environments and developer workstations. The most unnerving feature is its prompt-injection angle against Claude and Cursor, where hidden instructions try to hijack AI coding assistants into running a supposed security scan that discovers and exfiltrates secrets. AI tooling becomes part of the exploit chain, not just another productivity layer.
The GitHub activity behind the packages showed rapid, AI-assisted-style iteration, with broad security-themed scaffolding, generic lure repositories, prompt-injection documentation and partially implemented extraction concepts mixed with working malware components. That combination gives TrapDoor a rough but persistent feel: not flawless, yet fast enough to keep refreshing its reach. For crypto teams, the warning is no longer limited to audited smart contracts, because compromised development environments can expose wallets, repositories and infrastructure before code ever reaches production. The practical response is stricter dependency review, reduced secret exposure and more skepticism toward helpers that promise convenience inside high-value crypto workflows, applied consistently across languages, repositories and automated build paths.
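As an added defender-side example (not code from Socket or from the article), the script below applies one piece of the dependency review recommended above: it reads the `time` field of an npm registry package document (a real field mapping each version to its publish timestamp) and flags packages that are very new or that shipped many releases within a short window, the rapid re-release pattern the campaign is described as using. Package names, timestamps and thresholds are constructed for illustration.

```python
"""Dependency-review heuristic: flag young or burst-published packages.

Consumes the `time` field of an npm-registry package document
(version -> ISO-8601 publish time, plus "created" and "modified").
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 1, 20, tzinfo=timezone.utc)  # constructed review time

# Constructed registry documents: one burst-published newcomer, one mature package.
SAMPLE_DOCS = {
    "sui-build-helper": {"created": "2025-01-16T09:00:00Z", "modified": "2025-01-18T22:00:00Z",
        "0.1.0": "2025-01-16T09:00:00Z", "0.1.1": "2025-01-16T15:00:00Z",
        "0.1.2": "2025-01-17T10:00:00Z", "0.1.3": "2025-01-17T20:00:00Z",
        "0.1.4": "2025-01-18T08:00:00Z", "0.1.5": "2025-01-18T22:00:00Z"},
    "long-lived-lib": {"created": "2022-03-01T00:00:00Z", "modified": "2024-06-15T00:00:00Z",
        "1.0.0": "2022-03-01T00:00:00Z", "1.1.0": "2022-09-10T00:00:00Z",
        "1.2.0": "2023-04-02T00:00:00Z", "1.2.1": "2024-06-15T00:00:00Z"},
}

def _parse(ts):
    # Accept the trailing "Z" the registry emits on older Python versions.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def review_package(name, time_field, now, min_age_days=14, window_days=7, burst_count=5):
    """Return a list of finding strings for one package document."""
    findings = []
    created = _parse(time_field["created"])
    versions = sorted(_parse(ts) for v, ts in time_field.items()
                      if v not in ("created", "modified"))
    age = now - created
    if age < timedelta(days=min_age_days):
        findings.append(f"{name}: created {age.days}d ago (< {min_age_days}d)")
    # Sliding window over publish times: does any window_days span hold burst_count releases?
    window, lo = timedelta(days=window_days), 0
    for hi, ts in enumerate(versions):
        while ts - versions[lo] > window:
            lo += 1
        if hi - lo + 1 >= burst_count:
            findings.append(f"{name}: {hi - lo + 1} versions within {window_days}d")
            break
    return findings

def review_all(docs, now=NOW):
    """Map package name -> findings, omitting packages with none."""
    out = {n: review_package(n, t, now) for n, t in docs.items()}
    return {n: f for n, f in out.items() if f}

if __name__ == "__main__":
    for pkg, findings in review_all(SAMPLE_DOCS).items():
        print("\n".join(findings))
```

A flagged package is a review prompt, not a verdict; a legitimate new project can trip the same thresholds, which is why the result should feed a human dependency review rather than block installs automatically.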