Cybersecurity company Socket has identified a sophisticated malware campaign known as TrapDoor that has distributed dozens of malicious packages across popular developer ecosystems. This operation specifically targets software developers working in cryptocurrency and artificial intelligence projects, with findings revealing that 34 different packages and 384 versions have infiltrated major open source platforms such as npm, PyPI, and Crates.
Primary targets and affected platforms
The TrapDoor campaign has prioritized developers operating in technical domains including cryptocurrency wallets, cloud infrastructure management, and artificial intelligence development. Among the platforms affected are industry leaders such as Coinbase, Binance, Solana, Aptos, as well as the wallet features within MetaMask and the Brave browser.
Socket’s technical team reported that TrapDoor is engineered to target many widely used cryptocurrency wallets and is further embedded within common developer tools that communities use daily.
This malicious software is designed to steal sensitive information such as wallet credentials, SSH keys, cloud service access keys, and API authentication tokens. The infected packages are frequently integrated into developer workflows and are often downloaded without rigorous security reviews.
Innovative attack method exploits AI assistants
What sets TrapDoor apart from previous attacks is its exploitation of AI-powered developer assistants. The campaign embeds specific hidden commands within its packages to manipulate popular AI code helpers like Claude and Cursor. These commands trick the tools into conducting fake security checks while secretly transmitting sensitive data back to the attackers.
Mini glossary: Prompt injection is the manipulation of an AI model to process unexpected or harmful commands. Attackers use this tactic to make AI tools perform unintended actions or leak sensitive data.
The malicious packages often mimic legitimate and well-known developer tools by using look-alike names. For example, they imitate libraries and starter modules used in blockchain projects like Solidity, Sui, and Move, allowing attackers to infiltrate various developer communities with relative ease.
Distribution channels and detection process
TrapDoor’s operations span leading open source package platforms including npm (for JavaScript/Node.js), PyPI (for Python development), and Crates (for the Rust ecosystem). Most of the packages imitate legitimate tools and are also distributed via AI-generated fake security frameworks and bait repositories.
Socket reported an average detection time of 5 minutes and 27 seconds for malicious packages, with the fastest detection occurring in just 58 seconds. GitHub played a significant role in package distribution. Additionally, on May 20, GitHub experienced an internal cyberattack, granting unauthorized system access after an employee’s computer was compromised.
| Package Platform | Targeted Sectors | Main Targets |
|---|---|---|
| npm | Cryptocurrency, AI | Coinbase, MetaMask |
| PyPI | Data science, machine learning | Binance, Solana |
| Crates | Blockchain development | Brave wallet |
The TrapDoor malware campaign remains active, and those behind the operation have yet to be identified. Socket has refrained from attributing the incident to any specific hacking group or cybercriminal organization.
