According to research by security firm Socket Security, a cryptocurrency-stealing supply chain attack named TrapDoor spans npm, PyPI, and Crates.io, involving over 34 malicious packages and 384 associated versions and artifacts, targeting developers in cryptocurrency, DeFi, Solana, Sui, Move, and AI. The attack samples steal sensitive information such as SSH keys, wallet data, AWS credentials, GitHub tokens, browser data, and environment variables. npm packages execute a shared payload, trap-core.js, via postinstall hooks; PyPI packages execute remote JavaScript upon import; and Crates.io packages leverage build.rs to steal local keychains. Socket has flagged all related packages as malicious and reported them to the respective package registries.
TrapDoor Crypto Theft Campaign Targets npm, PyPI, and Crates.io with 34+ Malicious Packages
TechFlow

A new TrapDoor crypto theft campaign has been uncovered, targeting npm, PyPI, and Crates.io with over 34 malicious packages. Attackers are stealing SSH keys, wallet data, and AWS credentials from developers in the crypto, DeFi, and AI sectors. Methods include postinstall hooks, remote JavaScript execution, and local key theft. Socket Security has flagged all packages and reported them to the registries.
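As an added example (not from Socket or the original article), the following Python audit flags the three execution points named above for review: npm install lifecycle scripts, a Cargo `build.rs`, and calls made at import time in a Python package's `__init__.py`. The `RISKY` module list and the `SAMPLE` tree are constructed assumptions, and the import-time check is a heuristic that marks code for review rather than proving malice.

```python
import ast, json

NPM_HOOKS = ("preinstall", "install", "postinstall")  # run by `npm install`
RISKY = {"subprocess", "os", "urllib", "requests", "socket"}  # assumed review list

def npm_hooks(text):
    try:
        scripts = json.loads(text).get("scripts") or {}
        return [f"npm {h}: {scripts[h]}" for h in NPM_HOOKS if h in scripts]
    except (ValueError, AttributeError, TypeError):
        return []  # malformed manifest

def py_import_hits(text):
    try:
        stack, hits = [ast.parse(text)], []
    except (SyntaxError, ValueError):
        return []
    while stack:
        node = stack.pop()
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            continue  # function bodies do not run at import time
        stack.extend(ast.iter_child_nodes(node))
        root = node.func if isinstance(node, ast.Call) else None
        while isinstance(root, ast.Attribute):
            root = root.value  # subprocess.run -> subprocess
        if isinstance(root, ast.Name) and root.id in RISKY:
            hits.append((node.lineno, root.id))
    return [f"python import-time call via {m}, line {n}" for n, m in sorted(hits)]

def audit(files):  # files: relative POSIX path -> text; returns (path, reason) pairs
    out = []
    for path, text in sorted(files.items()):
        name, reasons = path.rsplit("/", 1)[-1], []
        if name == "package.json":
            reasons = npm_hooks(text)
        elif name == "build.rs" and path[:-8] + "Cargo.toml" in files:
            reasons = ["cargo build.rs runs at compile time"]
        elif name == "__init__.py":
            reasons = py_import_hits(text)
        out += [(path, r) for r in reasons]
    return out

SAMPLE = {  # constructed tree, benign placeholder content
    "node_modules/demo-a/package.json": '{"scripts": {"postinstall": "node setup.js"}}',
    "node_modules/demo-b/package.json": '{"scripts": {"test": "jest"}}',
    "vendor/demo-c/Cargo.toml": '[package]\nname = "demo-c"\n',
    "vendor/demo-c/build.rs": "fn main() {}\n",
    "site-packages/demo_d/__init__.py": "import subprocess\nsubprocess.run(['node', 'loader.js'])\ndef f():\n    subprocess.run(['true'])\n",
}
```

`audit(SAMPLE)` reports the `postinstall` script, the `build.rs`, and the module-level `subprocess` call, while ignoring the call inside `f()` and the manifest that only defines `test`. To check a real checkout, read the matching files from disk into the same path-to-text mapping before calling `audit`.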