A new coordinated cross-ecosystem software supply chain attack campaign, dubbed TrapDoor, has emerged, targeting npm, PyPI, and Crates.io to distribute credential-stealing malware. This campaign encompasses over 34 malicious packages across more than 384 versions, with the earliest activity detected on May 22, 2026.
Details of the Attack
The malicious packages are specifically aimed at developers within the crypto, DeFi, Solana, and AI communities. The malware is engineered to steal sensitive information such as developer secrets, crypto wallets, SSH keys, cloud credentials, browser data, and environment variables. Notably, several npm packages deploy a shared payload, trap-core.js, which is responsible for scanning credentials, validating AWS and GitHub tokens, and facilitating lateral movement via SSH.
Delivery Mechanisms
The operation is characterized by its diverse delivery methods, including the use of postinstall hooks, remote JavaScript payloads executed during package imports, and malicious build.rs scripts targeting Sui and Move developers. The npm packages execute a JavaScript payload that scans for credentials and developer secrets, while the Rust crates search for local keystores and exfiltrate encrypted data to GitHub Gists.
Unusual Techniques and Broader Implications
One notable aspect of the TrapDoor campaign is the embedding of .cursorrules and CLAUDE.md files, which contain hidden instructions aimed at tricking AI assistants into executing a “security scan” that leads to secret discovery and exfiltration. These files have been submitted through GitHub pull requests to popular AI and developer projects, indicating that the threat actor is testing whether AI-related project files can be introduced through standard open-source contribution workflows.
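An added triage script, not from the report or from any of the projects named above, covering the delivery vectors described in the two sections above: it walks a checkout or dependency tree and flags npm install-time lifecycle scripts, Cargo build.rs files, and .cursorrules/CLAUDE.md files that contain text hidden from a human reader. The hidden-text heuristic (HTML comments, zero-width characters) and the sample tree it constructs are assumptions for illustration, not indicators taken from the campaign.

```python
import json
import os
import re
import tempfile

# Lifecycle scripts that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# AI-assistant instruction files the campaign is reported to plant.
AI_RULE_FILES = ("CLAUDE.md", ".cursorrules")
# Heuristic (assumption, not from the report): text a human reviewer of a rules
# file would not see, i.e. HTML comments and zero-width characters.
HIDDEN_TEXT = re.compile(r"<!--.*?-->|[\u200b\u200c\u200d\u2060\ufeff]", re.S)


def audit_tree(root):
    """Walk a tree and return sorted (kind, path, detail) findings for review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == "package.json":
                try:
                    with open(path, encoding="utf-8") as fh:
                        scripts = json.load(fh).get("scripts", {})
                except (ValueError, OSError):
                    continue  # unreadable or malformed manifest: nothing to flag here
                for hook in INSTALL_HOOKS:
                    if hook in scripts:
                        findings.append(("npm_install_hook", path, f"{hook}: {scripts[hook]}"))
            elif name == "build.rs":
                findings.append(("rust_build_script", path, "compiled and run by cargo at build time"))
            elif name in AI_RULE_FILES:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if HIDDEN_TEXT.search(fh.read()):
                        findings.append(("hidden_ai_instruction", path, "comment or zero-width text present"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (not real campaign artifacts); return finding kinds."""
    root = tempfile.mkdtemp()
    pkg = os.path.join(root, "node_modules", "example-pkg")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "example-pkg", "scripts": {"postinstall": "node setup.js"}}, fh)
    crate = os.path.join(root, "vendor", "example-crate")
    os.makedirs(crate)
    with open(os.path.join(crate, "build.rs"), "w", encoding="utf-8") as fh:
        fh.write("fn main() {}\n")
    with open(os.path.join(root, "CLAUDE.md"), "w", encoding="utf-8") as fh:
        fh.write("# Project notes\n<!-- text hidden from the human reviewer -->\n")
    return [kind for kind, _path, _detail in audit_tree(root)]
```

Findings are a starting point for manual review; a build.rs or postinstall hook is legitimate in many packages, so the value is in seeing which dependencies carry them.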
Conclusion
The findings from this campaign highlight a concerning trend where threat actors are increasingly targeting developer workflows to steal a wide array of information, potentially enabling deeper infiltration into target environments for subsequent attacks. The TrapDoor campaign exemplifies the combination of traditional package typosquatting with newer attack vectors within developer environments.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.