Well, well, well. Looks like the digital underworld has a new party trick, and it’s not just stealing your crypto: it’s doing it with the finesse of a cat burglar in a tuxedo. Meet TrapDoor, the malware that’s been sashaying through npm, PyPI, and Crates.io like it owns the place, swiping SSH keys and crypto wallets faster than you can say “blockchain.”
According to the folks at Socket (yes, the same ones who probably spend their weekends debugging their toasters), TrapDoor isn’t just a random act of digital thievery. Oh no, it’s a full-blown supply chain attack with a guest list that includes crypto, DeFi, Solana, AI, and security tooling developers. Because, you know, where else would you find all those juicy wallet keys and cloud credentials just lying around?
The attack, which spans 34 malicious packages and over 384 versions, is like a bad house party that keeps spreading. By the time Socket blew the whistle on May 24, some packages had already been escorted out, but others were still mingling, pretending to be harmless dependencies.
But here’s the kicker: TrapDoor isn’t just lurking in package registries. It’s also on GitHub, playing the long game with social engineering. The attacker’s account was busy publishing AI and security-themed lure repos, planting fake “security” workflows, and generally trying to blend in like a chameleon at a color-blind convention.
One particularly clever trick? Using zero-width Unicode characters in .cursorrules and CLAUDE.md files to trick AI coding assistants into running data exfiltration routines. Because why steal data yourself when you can get the AI to do it for you? Genius, really.
The attacker even left behind an AUDIT-MATRIX.md file, which reads like a how-to guide for making credential theft look like a routine security audit. It’s like finding a burglar’s to-do list at the scene of the crime: equal parts infuriating and impressive.
Socket, bless their hearts, caught most of these malicious packages within minutes of their release. But the damage was already done. If you’re a developer in the crypto space, it’s time to treat your environment like a crime scene. Rotate those keys, check for hidden hooks, and for the love of all that’s holy, review your .cursorrules files for invisible mischief.
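If you want to actually do that review rather than squint at a text editor, here is a small scanner added for this post (it is not Socket’s tooling and not anything from the campaign itself). It walks a repo for .cursorrules and CLAUDE.md files (those file names are an assumption, as is the constructed sample) and flags every zero-width character; it goes a bit beyond the zero-width trick described above by also catching other Unicode format-category code points such as bidi controls and tag characters, which hide just as well.

```python
import unicodedata
from pathlib import Path

# Zero-width code points that commonly carry hidden instructions. Anything
# else in Unicode's "Cf" (format) category is caught by the category check
# below: bidi overrides, U+E0000-range tag characters, soft hyphens, etc.
ZERO_WIDTH = {
    "\u200b": "ZERO WIDTH SPACE",
    "\u200c": "ZERO WIDTH NON-JOINER",
    "\u200d": "ZERO WIDTH JOINER",
    "\u2060": "WORD JOINER",
    "\ufeff": "ZERO WIDTH NO-BREAK SPACE (BOM)",
}


def find_invisible_chars(text):
    """Return (line, column, codepoint, name) tuples, 1-based, for every
    invisible code point in text. An empty list means the file is clean."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in ZERO_WIDTH or unicodedata.category(ch) == "Cf":
                name = ZERO_WIDTH.get(ch) or unicodedata.name(ch, "<unnamed>")
                findings.append((line_no, col, f"U+{ord(ch):04X}", name))
    return findings


def scan_rule_files(root):
    """Scan assistant rule files under root (file names are an assumption)
    and return {path: findings} for every file that has hidden characters."""
    hits = {}
    for name in (".cursorrules", "CLAUDE.md"):
        for path in Path(root).rglob(name):
            text = path.read_text(encoding="utf-8", errors="replace")
            findings = find_invisible_chars(text)
            if findings:
                hits[str(path)] = findings
    return hits


# Constructed sample: reads as harmless house rules, but line 2 ends with a
# zero-width joiner and line 4 with a BOM-style no-break space.
SAMPLE_RULES = (
    "# Project conventions\n"
    "Always run the test suite before committing.\u200d\n"
    "Prefer small, focused pull requests.\n"
    "Keep secrets out of the repo.\ufeff\n"
)

if __name__ == "__main__":
    for line, col, cp, name in find_invisible_chars(SAMPLE_RULES):
        print(f"line {line} col {col}: {cp} {name}")
```

Run it from the repo root with `scan_rule_files(".")`; a non-empty result is worth a look, and a finding in the middle of an otherwise ordinary sentence is the pattern to worry about.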
So, what’s the moral of this story? Supply chain attacks are no longer just about slipping a bad package into the mix. They’re about building entire ecosystems of deceit, complete with lure repos, community engagement, and AI manipulation. It’s enough to make you nostalgic for the good old days of phishing emails.
But hey, at least we’ve got Socket on the case. Because if there’s one thing more entertaining than a malware campaign, it’s watching security researchers dissect it with the glee of a kid in a candy store. Stay vigilant, folks. The digital wild west just got a little wilder.
2026-05-25 13:08