TrapDoor Supply Chain Attack Targets npm, PyPI, and Crates.io to Steal Developer Credentials

A coordinated cross-ecosystem software supply chain attack campaign identified as TrapDoor has targeted widely used developer repositories including npm, PyPI, and Crates.io to distribute credential-stealing malware, according to findings shared by cybersecurity firm Socket. The campaign reportedly spans more than 34 malicious packages across over 384 versions, with the earliest known activity observed on May 22, 2026, at 8:20 p.m. UTC. Researchers stated that malicious packages were published in rapid waves through clusters of accounts, signaling an organized effort to compromise developer environments across multiple programming ecosystems. Socket noted that the operation appears to focus heavily on developers working within cryptocurrency, decentralized finance, Solana, and artificial intelligence communities, where access to wallets, credentials, and cloud infrastructure could hold high operational and financial value.

According to the investigation, the malicious packages were specifically designed to harvest sensitive information from developer systems, including crypto wallets, SSH keys, browser data, environment variables, cloud credentials, and authentication tokens. Several npm packages reportedly deployed a shared malicious JavaScript payload identified as trap core.js, which scans systems for credentials, validates stolen AWS and GitHub tokens, attempts SSH-based lateral movement, and establishes persistence across infected machines. Persistence techniques allegedly include modifications through Git hooks, shell hooks, cron jobs, systemd services, SSH configurations, and hidden files such as .cursorrules and CLAUDE.md. Researchers emphasized that this TrapDoor campaign has no known connection to another operation using the same name that was recently documented by HUMAN’s Satori Threat Intelligence and Research Team involving ad fraud through hundreds of Android applications on Google Play Store.
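For triage on a developer machine, the persistence categories listed above can be turned into a file inventory. The following is an added example, not code from Socket or from the article; the concrete paths are conventional per-user locations assumed for illustration (not indicators from the report), and cron is left out because user crontabs are normally read with crontab -l rather than from a file in the home directory.

```python
from datetime import datetime, timezone
from pathlib import Path

# Earliest campaign activity reported in the article (May 22, 2026, 8:20 p.m. UTC).
CAMPAIGN_START = datetime(2026, 5, 22, 20, 20, tzinfo=timezone.utc)

# Persistence categories named in the article, mapped to conventional locations.
# The paths themselves are assumptions, not indicators published in the report.
HOME_GLOBS = {
    "shell hook": [".bashrc", ".bash_profile", ".profile", ".zshrc"],
    "ssh config": [".ssh/config", ".ssh/authorized_keys"],
    "systemd service": [".config/systemd/user/*.service"],
}
REPO_GLOBS = {
    "git hook": [".git/hooks/*"],
    "ai instruction file": [".cursorrules", "CLAUDE.md"],
}

def _changed(root, globs, since):
    """Yield (category, relative path, mtime) for matching files modified at or after `since`."""
    hits = []
    for category, patterns in globs.items():
        for pattern in patterns:
            for path in Path(root).glob(pattern):
                if not path.is_file() or path.name.endswith(".sample"):
                    continue  # skip directories and Git's stock *.sample hook templates
                mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
                if mtime >= since:
                    rel = path.relative_to(root).as_posix()
                    hits.append((category, rel, mtime.isoformat()))
    return hits

def audit(home, repos, since=CAMPAIGN_START):
    """Return sorted (scope, category, path, mtime) tuples worth a manual review."""
    findings = [("home",) + hit for hit in _changed(home, HOME_GLOBS, since)]
    for repo in repos:
        findings += [(str(repo),) + hit for hit in _changed(repo, REPO_GLOBS, since)]
    return sorted(findings)

if __name__ == "__main__":
    # Audits the current user's home and the repository in the working directory.
    for scope, category, path, mtime in audit(Path.home(), [Path.cwd()]):
        print(f"{mtime}  {category:20}  {scope}: {path}")
```

Modification times can be rewritten by anything running as the user, so an empty result narrows the search but does not clear the machine; each reported file still needs its contents read.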

Socket identified multiple malicious packages distributed through npm, PyPI, and Crates.io, with attackers disguising them as seemingly harmless utilities commonly used by developers. On npm, packages such as crypto credential scanner, defi threat scanner, eth wallet sentinel, wallet security checker, and web3 secrets detector were among those identified. Malicious Rust crates on Crates.io reportedly included packages targeting Sui and Move developers through harmful build.rs scripts, allowing malware execution during package compilation. Researchers explained that the Rust-based payloads searched for local keystores, encrypted collected information using a hardcoded XOR key, and exfiltrated data to GitHub Gists. Meanwhile, Python packages distributed through PyPI were designed to automatically execute during import and download JavaScript payloads hosted on an attacker-controlled GitHub Pages domain. The downloaded code was then executed using node -e, enabling attackers to modify malware behavior remotely without publishing updated package versions.

An unusual aspect of the campaign involved hidden instructions planted within .cursorrules and CLAUDE.md files intended to manipulate artificial intelligence coding assistants into performing fake security scans that ultimately exposed sensitive information. Researchers observed GitHub pull requests submitted across several prominent AI and developer-focused projects, including browser-use, LangChain, and Langflow, indicating attempts to introduce malicious files through standard open source contribution workflows. Socket stated that the activity suggests attackers may be experimenting with methods that influence AI coding tools into interpreting hidden instructions and unintentionally assisting in credential discovery and exfiltration. Security researchers noted that the incident reflects a growing trend where cybercriminal actors increasingly target software development pipelines, blending traditional package impersonation techniques with newer attacks aimed at developer workflows, AI tooling, and open source collaboration environments.
