TrapDoor: supply-chain attack steals credentials via npm, PyPI and Crates.io

Colleagues, a cybersecurity alert: the TrapDoor campaign distributes credential-stealing packages across npm, PyPI and Crates.io.
Briefly:
- 34+ malicious packages targeting crypto/DeFi, Solana and AI developers.
- Techniques: npm postinstall/trap-core.js, Rust build.rs, Python import-time execution; exfiltrate tokens, SSH keys, cloud credentials and wallets.
- Persistence/exfiltration via cron, systemd, Git hooks, SSH; some payloads fetched from GitHub Pages; PRs with .cursorrules/CLAUDE.md attempt to deceive AI tools.
Why it matters: developer workstations are targeted — risk of infrastructure and wallet compromise.
What steps will you take to protect developer environments?
#cybersecurity #supplychain #DevSecOps #opensource
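As an added example (not part of the original post, and not a TrapDoor-specific detector): a short Python inventory of the automatic execution points the post names, so they can be reviewed by hand before installing or building. The function names are hypothetical, and only the default `build.rs` beside a `Cargo.toml` is covered, not a custom `build = "..."` path.

```python
import json
import os

# npm lifecycle hooks that run automatically during `npm install`.
NPM_HOOKS = ("preinstall", "install", "postinstall")
# Files the post says were planted via PRs to steer AI coding tools.
AI_INSTRUCTION_FILES = {".cursorrules", "CLAUDE.md"}


def find_autorun_points(root):
    """Return sorted (kind, relative_path, detail) tuples for manual review."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Git hooks: anything in .git/hooks that is not a shipped *.sample file.
        if rel_dir.split(os.sep)[-2:] == [".git", "hooks"]:
            for name in filenames:
                if not name.endswith(".sample"):
                    findings.append(("git-hook", os.path.join(rel_dir, name), ""))
            continue
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name == "package.json":
                findings.extend(_npm_hooks(os.path.join(dirpath, name), rel))
            elif name == "build.rs" and "Cargo.toml" in filenames:
                # Cargo compiles and runs build.rs before building the crate.
                findings.append(("cargo-build-script", rel, ""))
            elif name in AI_INSTRUCTION_FILES:
                findings.append(("ai-instructions", rel, ""))
    return sorted(findings)


def _npm_hooks(path, rel):
    """List install-time lifecycle scripts declared in one package.json."""
    try:
        with open(path, encoding="utf-8") as fh:
            scripts = json.load(fh).get("scripts", {})
    except (OSError, ValueError, AttributeError):
        # A manifest that cannot be parsed is itself worth a look.
        return [("unparseable-manifest", rel, "")]
    if not isinstance(scripts, dict):
        return []
    return [("npm-" + h, rel, str(scripts[h])) for h in NPM_HOOKS if h in scripts]
```

Run it over a checkout including `node_modules` and any vendored crates; every finding is a place where code or instructions take effect without an explicit command from the developer.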

