The developer platform Socket has identified a new supply chain attack targeting professionals in the crypto and artificial intelligence (AI) sectors. The campaign, dubbed "TrapDoor," aims to steal cryptocurrencies, sensitive data, and login credentials, with over 34 malicious packages and 384 versions distributed so far. This is reported by Cointelegraph.com reports .
The malware primarily targets developers working in crypto wallets, decentralized finance (DeFi), AI, and security. According to Socket, TrapDoor is capable of stealing wallet data, SSH keys, cloud service credentials, GitHub tokens, and API keys. It also monitors popular wallets such as Coinbase, Binance, Solana, Sui, Aptos, and MetaMask, as well as the Brave browser.
Socket CTO Ahmad Nassri noted that the virus also attempts to "compromise" AI coding assistants like Claude and Cursor. Hackers aim to force AI assistants to perform tasks such as "security scanning" to exfiltrate sensitive data to external servers.
Attackers have uploaded their packages to popular repositories like npm (JavaScript), PyPI (Python), and Crates (Rust). These packages are distributed under the guise of useful utilities such as "project settings," "solidity tools," or "prompt engineering." Experts urge developers to exercise caution before installing any new library.
Read “Zamin” on Telegram!
