VMTech

TrapDoor: supply-chain attack steals credentials via npm, PyPI and Crates.io

Colleagues, a cybersecurity alert: the TrapDoor campaign distributes credential-stealing packages across npm, PyPI and Crates.io.

Briefly:
- 34+ malicious packages targeting crypto/DeFi, Solana and AI developers.
- Techniques: npm postinstall/trap-core.js, Rust build.rs, Python import-time execution; exfiltrate tokens, SSH keys, cloud credentials and wallets.
- Persistence/exfiltration via cron, systemd, Git hooks, SSH; some payloads fetched from GitHub Pages; PRs with .cursorrules/CLAUDE.md attempt to deceive AI tools.
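
A defensive triage aid for the techniques listed above, added here as an example (it is not from the original post or from any TrapDoor analysis): it walks a checked-out project or dependency tree and lists the places where code runs at install, build or import time, plus the `.cursorrules`/`CLAUDE.md` files mentioned above. The function names and the short list of risky call names are assumptions chosen for illustration.

```python
import ast
import json
import sys
from pathlib import Path

NPM_HOOKS = ("preinstall", "install", "postinstall")  # npm scripts that run on install
AI_RULE_FILES = {".cursorrules", "CLAUDE.md"}         # instruction files named in the post
RISKY_CALLS = {"exec", "eval", "system", "Popen", "check_output"}  # assumed heuristic list

def import_time_calls(path):
    """Risky call names at module top level, i.e. code that runs on import."""
    try:
        body = ast.parse(path.read_text(encoding="utf-8", errors="replace")).body
    except (SyntaxError, ValueError):
        return []
    hits = []
    for stmt in body:
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue  # top-level function bodies do not run at import time
        for node in ast.walk(stmt):
            func = getattr(node, "func", None) if isinstance(node, ast.Call) else None
            name = getattr(func, "id", None) or getattr(func, "attr", None)
            if name in RISKY_CALLS:
                hits.append(name)
    return hits

def audit_tree(root):
    """Return sorted (kind, relative_path, detail) findings for manual review."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        name, rel = path.name, path.relative_to(root).as_posix()
        if name == "package.json":
            try:
                scripts = json.loads(path.read_text(encoding="utf-8")).get("scripts")
            except (ValueError, AttributeError):
                scripts = None  # unreadable or non-object manifest: nothing to report
            findings += [("npm-hook", rel, f"{h}: {scripts[h]}") for h in NPM_HOOKS
                         if isinstance(scripts, dict) and h in scripts]
        elif name == "build.rs":
            findings.append(("rust-build-script", rel, "runs during cargo build"))
        elif name in AI_RULE_FILES:
            findings.append(("ai-instructions", rel, "review before an AI tool reads it"))
        elif name.endswith(".py"):
            findings += [("py-import-exec", rel, c) for c in import_time_calls(path)]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*finding, sep="\t")
```

Findings are review candidates, not verdicts: `build.rs` files and `postinstall` scripts are common in legitimate packages, so the output is a list of what to read before installing or building.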

Why it matters: developer workstations are targeted — risk of infrastructure and wallet compromise.

What steps will you take to protect developer environments?

#cybersecurity #supplychain #DevSecOps #opensource
