TrapDoor Cross-Ecosystem Crypto Stealer Campaign
The TrapDoor campaign is a critical cross-ecosystem supply-chain attack targeting npm, PyPI, and Crates.io packages. It employs various execution methods to steal sensitive developer and cloud credentials, as well as crypto wallet information. The campaign has been tracked by Socket, which has identified over 34 malicious packages and numerous related versions.
- ▪TrapDoor is an active software supply-chain campaign reported by Socket on May 24, 2026.
- ▪The campaign targets SSH keys, GitHub tokens, AWS credentials, and crypto wallet material.
- ▪Socket tracks more than 34 malicious packages and 384 related versions tied to this campaign.
Opening excerpt (first ~120 words) tap to expand
TrapDoor Cross-Ecosystem Crypto Stealer Campaign TrapDoor is an active cross-registry supply-chain campaign using npm postinstall hooks, PyPI import-time execution, and Rust build scripts to steal developer, cloud, SSH, and crypto wallet secrets. Date: 2026-05-24 Severity: critical Sources: 5 #supply-chain#npm#pypi#crates.io#credential-theft#crypto Executive Summary TrapDoor is an active software supply-chain campaign reported by Socket on May 24, 2026, spanning npm, PyPI, and Crates.io packages aimed at crypto, DeFi, AI, and developer-security workflows Socket. Socket tracks more than 34 malicious packages and 384 or more related versions/artifacts, while OSV already lists several PyPI malicious-package records tied to the same 2026-05-eth-security-auditor campaign Socket OSV PyPI list.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Haltingproblems.
Discussion
0 commentsMore from Haltingproblems
