Supply Chain | May 24, 2026

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io

TrapDoor crypto stealer hits 34 packages across npm, PyPI, and Crates.io, targeting crypto and AI developers.

Summary

The TrapDoor supply chain attack compromised 34 packages across npm, PyPI, and Crates.io to steal developer secrets. The malicious packages target developers in crypto, DeFi, Solana, and AI communities, exfiltrating crypto wallets, SSH keys, cloud credentials, and browser data. The attacker also experimented with AI-targeted injection through files like .cursorrules and CLAUDE.md.


Indicators of Compromise

  • domain — ddjidd564[.]github[.]io

Entities

  • TrapDoor (threat_actor)
  • npm (technology)
  • PyPI (technology)
  • Crates.io (technology)
  • GitHub Pages (product)