Security researchers have discovered a malicious software campaign named TrapDoor spreading across multiple open-source software repositories, affecting the dependency ecosystems commonly used by cryptocurrency and blockchain developers. The attackers target not only local files but also high-value data such as wallet keys, cloud service credentials, and code repository access tokens.
Malicious packages detected simultaneously in three major open-source repositories
This campaign targeted three major software package ecosystems: npm, PyPI, and Crates.io. Researchers identified more than 30 malicious packages, with over 300 affected versions published within a concentrated timeframe.
The report noted that this campaign began to intensify around May 22. Meanwhile, GitHub had reported on May 20 that its internal code repositories had experienced unauthorized access. Available information indicates that these malicious packages were not uploaded sporadically but were instead deployed in batches across multiple accounts to reduce the likelihood of early detection.
The payload can be triggered during the installation and build phases.
The propagation method of TrapDoor relies on the installation and build workflows that developers use every day. npm packages can run code automatically through install lifecycle scripts (such as postinstall) once dependencies are installed; Python packages can execute code when they are imported; Rust crates can execute code at compile time through build scripts.
Once executed, the malicious code scans the local system for sensitive information, including SSH keys, API tokens, environment variables, and common configuration files. Some variants also read authentication data saved in browsers and send the stolen data to external servers controlled by the attackers.
Researchers also noted that some samples attempt to modify the system's boot process or inject malicious hooks into development tools in order to maintain persistent access.
Wallets, AWS, and GitHub are primary targets.
From the target selection, this attack clearly targets cryptocurrency development environments. The malware collects data related to cryptocurrency wallets and attempts to obtain AWS credentials and GitHub access tokens. If compromised, this information could allow attackers to gain further access to private code repositories, deployment processes, and backend systems.
In addition to cloud and code permissions, SSH keys are also a critical target. If these keys are compromised, attackers could gain access to developers' devices and even connect to production servers. For crypto projects, this means the risk extends beyond individual endpoints and could spread to infrastructure and the release pipeline.
AI coding tools have also been incorporated into the attack chain.
Another characteristic of this campaign is that it has begun to leverage AI-assisted development environments. Some malicious packages contain configuration files such as .cursorrules and CLAUDE.md, which are intended to influence how AI coding assistants interpret and execute project instructions.
The report indicates that attackers are not only relying on traditional malicious code execution but also attempting to leverage AI tool workflows to manipulate them into exposing sensitive information or performing inappropriate actions. This demonstrates that supply chain attacks are extending beyond the code level to the automated toolchains used by developers.
