TrapDoor Malware Campaign Compromises 34 Open-Source Packages Across Multiple Ecosystems
In a recent and sophisticated supply chain attack, dubbed the TrapDoor campaign, cybercriminals have infiltrated 34 open-source packages across npm, PyPI, and Crates.io repositories. This malicious operation, identified on May 22, 2026, aims to steal developer credentials and cryptocurrency wallets by embedding malware into packages masquerading as legitimate developer tools and security scanners.
Targeted Developer Communities
The TrapDoor campaign specifically targets developers within the cryptocurrency, decentralized finance (DeFi), Solana, and artificial intelligence (AI) sectors. By disguising malicious packages under names such as `prompt-engineering-toolkit`, `solidity-deploy-guard`, and `defi-threat-scanner`, the attackers exploit the trust and reliance developers place on these tools.
Timeline and Distribution
The campaign’s initial activity was detected with the publication of the PyPI package `[email protected]` on May 22, 2026. Subsequently, the attackers expanded their reach by uploading malicious packages in waves across all three repositories. This strategic distribution increases the likelihood of the malware being integrated into various development projects before detection.
Ecosystem-Specific Attack Vectors
The TrapDoor campaign employs tailored execution methods for each package registry to maximize its impact:
– npm: Utilizes post-installation hooks to deploy a shared `trap-core.js` payload, enabling persistent credential harvesting. The malware employs Fernet and Elliptic Curve Diffie-Hellman (ECDH) encryption to validate credentials via API.
– PyPI: Executes automatically upon import by downloading a remote JavaScript payload from GitHub Pages using the `node -e` command. This approach allows the attackers to update the payload dynamically without releasing new package versions.
– Crates.io: Leverages Rust’s `build.rs` scripts to actively search for and target local Sui and Move developer keystores. The malware uses XOR encryption with a hardcoded key (`cargo-build-helper-2026`) to obfuscate its activities.
Data Harvesting and Persistence Mechanisms
The TrapDoor malware is designed to harvest a wide range of sensitive developer data, including:
– Sui, Solana, and Aptos cryptocurrency wallets
– SSH keys
– Browser profiles
– AWS environment variables
The `trap-core.js` payload, consisting of 1,149 lines of code, ensures long-term access by establishing persistence through various methods:
– Systemd services
– Cron jobs
– Git hooks
– Shell hooks
Additionally, stolen SSH keys are repurposed to facilitate automated lateral movement within networks, transforming a single compromised workstation into a gateway for broader corporate network breaches.
Exploitation of AI Coding Assistants
A notable aspect of the TrapDoor campaign is its deliberate targeting of AI coding assistants. The attackers modify project files such as `.cursorrules` and `CLAUDE.md` to include zero-width Unicode characters, effectively concealing malicious prompts. This technique tricks AI assistants into executing credential exfiltration under the guise of performing automated security scans.
To propagate this attack vector, the threat actor used the GitHub account `ddjidd564` to submit deceptive pull requests containing these poisoned configuration files to prominent open-source AI projects like LangChain, MetaGPT, and OpenHands.
Command and Control Infrastructure
The attackers maintain a sophisticated command and control (C2) architecture hosted on GitHub Pages. This infrastructure hosts active malicious configuration files alongside legitimate project documentation, further obfuscating the malicious activities and making detection more challenging.
Detection and Mitigation
Security firm Socket detected the TrapDoor releases with a median detection time of 5 minutes and 27 seconds, effectively classifying the entire campaign as malicious before widespread adoption could occur. This rapid detection underscores the importance of vigilant monitoring and swift response mechanisms in mitigating supply chain attacks.
Recommendations for Developers
To protect against such sophisticated supply chain attacks, developers are advised to:
1. Verify Package Integrity: Always verify the authenticity and integrity of packages before integration. Check for signs of tampering or unauthorized modifications.
2. Monitor Dependencies: Regularly monitor and audit project dependencies for any unusual activity or updates.
3. Implement Least Privilege: Adopt the principle of least privilege by limiting the permissions granted to development tools and environments.
4. Stay Informed: Keep abreast of the latest security advisories and updates from trusted sources to respond promptly to emerging threats.
5. Use Security Tools: Employ security tools and services that can detect and alert on suspicious activities within your development pipeline.
By adhering to these practices, developers can enhance their security posture and reduce the risk of falling victim to supply chain attacks like TrapDoor.
