TrapDoor Malware Targets Crypto Dev Tools
A new software supply-chain campaign called TrapDoor is targeting crypto, DeFi, Solana and AI developers through malicious packages published on npm, PyPI and Crates.io.
Socket said the campaign spans more than 34 malicious packages and 384 related versions and artifacts. The earliest observed package was uploaded on May 22.
trap-core.js Steals Wallets, AWS and GitHub Secrets
Socket said the packages are designed to steal crypto wallets, SSH keys, AWS credentials, GitHub tokens, browser data, environment variables and other developer secrets. Several npm packages deploy a shared payload called trap-core.js.
The payload scans for credentials, validates stolen AWS and GitHub tokens, attempts SSH-based lateral movement and tries to establish persistence on compromised machines. That makes the campaign especially risky for crypto teams, where developer environments may contain wallet keystores, deployment credentials, RPC secrets or exchange API keys.
AI Instruction Files Become Persistence Path
One unusual part of TrapDoor is its use of AI-assisted development workflows as part of the attack surface. Socket said the malware attempts to plant or abuse files such as .cursorrules and CLAUDE.md. It also targets Git hooks, shell hooks, systemd, cron and SSH-related mechanisms.
That matters because some developer tools may automatically trust project-level instruction files. If those files are modified by malware, they can become another path for persistence, credential theft or future compromise.
Malicious Packages Target Solana, Sui and Move Developers
The campaign appears tailored for developers working in crypto and blockchain environments. Socket said malicious Rust packages specifically targeted Sui and Move developers through build.rs scripts. The wider package naming strategy was designed to look relevant to crypto development, security tooling, local environment setup and AI workflows.
That approach helps malicious packages blend into normal developer activity. A package that appears to support crypto tooling or AI workflows can still carry payloads that steal secrets from the local machine.
Teams Should Rotate GitHub, Cloud and SSH Secrets
TrapDoor comes as open-source supply-chain attacks keep rising across developer ecosystems. This week, reports said the hacking group TeamPCP has carried out more than 20 waves of software supply-chain attacks since late 2025, compromising more than 500 tools.
For crypto firms, the practical risk is serious. A malicious dependency can move from a developer machine into CI/CD systems, cloud infrastructure, private repositories or wallet-adjacent tooling if secrets are not isolated.
Teams that installed suspicious packages from npm, PyPI or Crates.io should treat affected environments as potentially compromised. The priority is to remove the packages, rotate GitHub, cloud, SSH and wallet-related secrets, and review AI instruction files, shell startup files and Git hooks for tampering.
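The persistence paths listed above (AI instruction files, Git hooks, shell startup files, Rust build.rs scripts) are all ordinary files on the developer machine, so the review step can be scripted. The following audit is an added example, not tooling from Socket or from the report: it walks a workspace, lists every file in those categories, and flags any that changed after a known-good baseline timestamp or that reference the trap-core.js payload name. The shell startup file names are an assumed typical set, and the fixture in `run_demo` is constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

AI_INSTRUCTION_FILES = {".cursorrules", "CLAUDE.md"}  # named in Socket's report
SHELL_STARTUP_FILES = {".bashrc", ".zshrc", ".profile"}  # assumed typical set
PAYLOAD_MARKER = "trap-core.js"  # shared npm payload named in the report

def classify(path):
    """Return a review category for a file TrapDoor may plant or edit, else None."""
    path = Path(path)
    if path.name in AI_INSTRUCTION_FILES:
        return "ai-instruction-file"
    if path.name in SHELL_STARTUP_FILES:
        return "shell-startup-file"
    if path.name == "build.rs":  # Rust build script, the vector used against Sui/Move devs
        return "rust-build-script"
    # Active hooks live in .git/hooks; the *.sample stubs git ships are inert.
    if (path.parent.name, path.parent.parent.name) == ("hooks", ".git") \
            and not path.name.endswith(".sample"):
        return "git-hook"
    return None

def audit_workspace(root, baseline):
    """List reviewable files under root, flagging post-baseline edits and payload references."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if (category := classify(path)) is None:
                continue
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "category": category,
                "modified_after_baseline": path.stat().st_mtime > baseline,
                "mentions_payload": PAYLOAD_MARKER in path.read_text(errors="replace"),
            })
    return sorted(findings, key=lambda f: f["path"])

def run_demo():
    """Audit a constructed fixture: a backdated clean CLAUDE.md and a fresh hook that runs the payload."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        (tmp / ".git" / "hooks").mkdir(parents=True)
        (tmp / ".git" / "hooks" / "pre-commit.sample").write_text("# inert git stub\n")
        (tmp / ".git" / "hooks" / "post-checkout").write_text("#!/bin/sh\nnode trap-core.js\n")
        (tmp / "CLAUDE.md").write_text("# Project notes\n")
        os.utime(tmp / "CLAUDE.md", (time.time() - 7200,) * 2)  # backdate: predates the baseline
        return audit_workspace(tmp, baseline=time.time() - 3600)
```

On a real machine, point `audit_workspace` at the repository root and at the home directory, with a baseline taken from the last time the environment was known to be clean (for example the date of the last trusted image or backup).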