A coordinated software supply chain campaign has targeted npm, PyPI and Crates.io with more than 34 malicious packages across over 384 versions, according to a technical analysis from Socket. The campaign, called TrapDoor, began on May 22, 2026 and is designed to steal developer credentials, crypto wallets, SSH keys, cloud logins and browser data.
KEY FACTS
- Targets npm, PyPI and Crates.io packages aimed at crypto, DeFi, Solana and AI developers.
- Scale More than 34 malicious packages were published in over 384 versions.
- Python payload Packages ran code on import and downloaded remote JavaScript for execution.
- Rust technique Malicious build.rs scripts searched for local keystores and exfiltrated data to GitHub Gists.
- Persistence npm packages used cron jobs, systemd services, Git hooks and SSH for persistence and lateral movement.
The report said the activity started in waves from a cluster of accounts and used package names that appeared relevant to development workflows. The list included crates such as move-analyzer-build and sui-framework-helpers, npm packages such as defi-threat-scanner and wallet-security-checker, and PyPI packages such as eth-security-auditor and solidity-build-guard.
Several npm packages loaded a shared payload called trap-core.js, which scanned for credentials and developer secrets, checked stolen tokens through AWS and GitHub API calls, and attempted SSH-based movement across hosts. The Rust crates used a hardcoded XOR key to encrypt collected data before sending it out.
The Python packages were set up to auto-run on import and fetch JavaScript from an attacker-controlled GitHub Pages domain. The disclosure also said some packages introduced hidden instructions into .cursorrules and CLAUDE.md files, then used GitHub pull requests in projects such as browser-use, langchain and langflow to try to get AI tools to process them.
The campaign is separate from another TrapDoor operation tied to Android ad fraud. The earlier activity, described by HUMAN’s Satori Threat Intelligence and Research Team, involved 455 Android apps in the Google Play Store.
WHY IT MATTERS
The findings show how attackers are adapting supply chain tactics to reach software developers through package registries and ordinary contribution workflows. The approach can expose secrets, cloud access and code signing material that may be used for deeper compromise.