TrapDoor Stealer targets npm, PyPI, and Crates.io with 34 malicious packages

Summary
A security breach involving the TrapDoor stealer has been reported, with malicious packages discovered on npm, PyPI, and Crates.io. Socket Security identified 34 packages and 384 versions targeting developers in crypto, DeFi, AI, and security. Attackers aim to steal wallet keys, SSH keys, cloud credentials, and GitHub tokens. The median detection time was 5 minutes and 27 seconds, with the fastest detected in 58 seconds. This on-chain news underscores the escalating threat to developer ecosystems.

Socket Security disclosed that the TrapDoor stealer is being distributed through supply chain attacks on package registries such as npm, PyPI, and Crates.io, with 34 malicious packages and 384 versions and artifacts identified. The attacks target developers in the cryptocurrency, DeFi, AI, and security sectors and steal sensitive information including wallets, SSH keys, cloud credentials, and GitHub tokens. The median detection time for malicious versions is 5 minutes and 27 seconds, with the fastest detection time at 58 seconds.
