Security firm Socket uncovered a supply-chain attack named TrapDoor that spread malicious packages across npm, PyPI, and Crates.io. Over 34 packages and hundreds of versions were disguised as legitimate developer utilities for crypto, DeFi, AI, and security. Once installed, the malware steals wallet files, SSH keys, GitHub tokens, cloud credentials, and browser data. It also uses hidden instructions in .cursorrules and CLAUDE.md files to hijack AI coding tools, exfiltrating secrets during future sessions. The attack targets developers, who often hold production access and sensitive data on their machines. Socket reported the packages to registries and warned of pull requests attempting to inject malicious files.

Key facts

• 34+ malicious packages found on npm, PyPI, and Crates.io.
• Disguised as developer tools for crypto, DeFi, AI, security.
• Steals wallet data, SSH keys, GitHub tokens, cloud credentials.
• Uses hidden Unicode in .cursorrules to hijack AI coding tools.
• Socket reported packages; attackers also submit malicious PRs.