According to findings by cybersecurity firm Socket, a sophisticated malware operation called TrapDoor distributed dozens of malicious packages in package ecosystems frequently used by software developers. This operation, which specifically targeted developers working on cryptocurrency and artificial intelligence projects, revealed that 34 different packages and 384 versions were spread across popular open source platforms such as npm, PyPI and Crates.
Targeted sectors and platforms
The TrapDoor attack specifically prioritized developers working in technical fields such as cryptocurrency wallets, cloud infrastructure management and artificial intelligence development. Among the platforms attacked were Coinbase, Binance, Solana, Aptos and MetaMask, which are among the leading names in the market, and the wallet feature of the Brave browser.
Socket’s technical team stated that TrapDoor was designed to target many well-known cryptocurrency wallets and has additionally spread into the tools that developer communities use daily.
The malware captures sensitive data such as wallet information, SSH keys, access keys to cloud services, and API authorization keys. These packages, which are frequently included in workflows in developer interfaces, are often downloaded without being subjected to detailed security review.
Innovative attack technique
The most striking aspect that distinguishes TrapDoor from similar attacks is the manipulation of artificial intelligence-supported developer assistants. In particular, special commands hidden inside the packages were placed to mislead popular artificial intelligence coding tools such as Claude and Cursor. While these commands enable software assistants to perform a so-called security assessment, they also transmit sensitive information to attackers in the background.
Mini dictionary: Prompt injection is the manipulation of the model in artificial intelligence applications to receive unexpected or harmful commands. With this method, attackers can force AI tools to perform actions other than the original intent or send confidential data.
Malicious packages are similar in name to legitimate and common developer tools. It is offered with names that mimic the libraries and starter modules used in blockchain projects such as Solidity, Sui and Move. It is stated that thanks to this strategy, attackers can easily infiltrate different developer communities.
Distribution channels and detection process
The TrapDoor operation is spread across major open source package platforms such as npm (JavaScript/Node.js), PyPI (Python development) and Crates (Rust ecosystem). While most packages mimic legitimate tools; It is emphasized that it is also distributed through fake security frameworks and decoy repositories, which are thought to be prepared with the support of artificial intelligence.
Socket stated that a malicious package was detected in an average of 5 minutes and 27 seconds, and the fastest detection occurred in only 58 seconds. GitHub in particular played an important role in the distribution. Additionally, on May 20, it was reported that GitHub experienced an independent cyberattack within the company, allowing unauthorized access to systems by compromising an employee’s computer.
| Package Platform | Targeted Sectors | Most Known Targets |
|---|---|---|
| npm | Cryptocurrency, artificial intelligence | Coinbase, MetaMask |
| PyPI | Data science, machine learning | Binance, Solana |
| Crates | Blockchain development | brave wallet |
The TrapDoor attack campaign is still active and the perpetrators have not been identified. Socket did not directly attribute responsibility for the incident to any hacking group or cybercrime organization.
