TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

2026-05-25

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

TrapDoor is a coordinated cross-ecosystem software supply chain attack targeting npm, PyPI, and Crates.io with over 34 malicious packages to steal developer credentials and secrets.

•The campaign targets developers in crypto, DeFi, Solana, and AI communities, stealing AWS tokens, GitHub tokens, SSH keys, crypto wallets, and browser data.
•Uses ecosystem-specific execution methods: postinstall hooks in npm packages, build.rs scripts in Rust crates that encrypt and exfiltrate data to GitHub Gists, and import-time code execution in Python packages.
•Implements persistence through cron jobs, systemd services, Git hooks, shell hooks, and SSH-based lateral movement for network compromise.
•Uniquely leverages hidden instructions in .cursorrules and CLAUDE.md files to trick AI coding assistants into running malicious security scans that exfiltrate secrets via GitHub pull requests.

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cloud CISO Perspectives: How to build an AI-ready security program for the public sector

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks