The TrapDoor Campaign Targets the Developer's Machine

Attackers are no longer just hunting for retail users; they are targeting the infrastructure of the next generation of software. A new supply-chain campaign, known as TrapDoor, has planted more than 34 malicious packages across npm, PyPI, and Crates.io to target developers working in crypto, DeFi, AI, and security.

The campaign uses fake tooling packages disguised as mundane developer utilities. These packages, programmed in JavaScript, Python, and Rust, are designed to steal SSH keys, wallet files, AWS credentials, GitHub tokens, browser data, and other sensitive configuration files. By targeting developers, the attackers aim for the machines that hold production access and wallet keys in the same environment used to build tools.

The strategy relies on boredom. The packages use names like "wallet-security-checker," "defi-risk-scanner," and "solidity-build-guard" to blend into a standard development workflow. This is a sophisticated shift in focus. While social engineering targets individuals, this supply-chain attack targets the very tools used to build the ecosystem.

The scope of the attack extends into the AI development workflow. Researchers found that attackers abused AI configuration files, such as .cursorrules and CLAUDE.md, using hidden instructions. These instructions aim to hijack future AI coding sessions to run fake security scans that exfiltrate secrets.

This campaign demonstrates that the security of the AI and crypto stack is only as strong as the registries used to build it. When the tools used to verify security are themselves the vector for theft, the entire development lifecycle is compromised.

Developers should audit their dependency trees for any packages matching the identified patterns and review AI configuration files for unauthorized instructions.