Malware Campaign 'TrapDoor' Targets Crypto and AI Developers

An active supply chain attack is targeting crypto and artificial intelligence developers in a bid to steal crypto, data or credentials, says the developer platform Socket.

Socket said in a report on Sunday that it discovered the malware campaign, which it dubbed “TrapDoor,” on Friday, and the campaign has deployed more than 34 malicious packages and 384 related versions, with attackers repeatedly pushing new releases across ecosystems.

TrapDoor targets crypto, decentralized finance, AI, and security developers, stealing wallet data, Secure Shell, or SSH keys, cloud credentials, GitHub tokens, browser extension data and API keys, Socket said.

The malware also targets popular crypto wallets, including Coinbase, Binance, Solana, Sui, Aptos, and MetaMask in addition to the Brave internet browser, Socket chief technology officer Ahmad Nassri said on Sunday.

Nassri said the malware injects hidden instructions to “hijack your AI coding assistant,” targeting Claude and Cursor. “The goal appears to be to trick AI assistants into running a ‘security scan’ or similar workflow that causes secret discovery and exfiltration,” Socket said.

Crypto and AI developers have increasingly become targets as malicious actors have been loading poisoned packages into “app stores” for developers, knowing they will install them as part of their normal workflow, often without checking.

TrapDoor specifically targets popular developer resources such as npm (node package manager), the package store for JavaScript/Node.js developers, the language behind most websites and web apps.

It was also found in PyPI, the equivalent for Python developers, which is widely used in data science, AI, and automation, and Crates, the same thing for Rust developers.

The malicious package names are crafted to look like “development helpers, project setup tools, model routing utilities, prompt engineering packages, Solidity tooling, and Sui or Move build helpers,” Socket said.

“This gives the campaign broad reach across adjacent developer communities where crypto wallets, cloud credentials, GitHub tokens, and SSH keys are likely to be present,” it added.

Developer platform GitHub has been used to disseminate the malicious packages, Socket said, adding the attack appeared to be AI-assisted.

“The GitHub activity shows signs of rapid, AI-assisted-style iteration: broad security-themed scaffolding, generic lure repositories, prompt-injection documentation, and partially implemented extraction concepts mixed with working malware components.”

GitHub itself was compromised on May 20 when it reported unauthorized access to its internal repositories following the compromise of an employee’s device.