KeyAudit

TrapDoor Supply Chain Attack Targets Crypto, DeFi, Solana Developers Across npm, PyPI, Crates.io

On May 24, 2026, Socket.dev disclosed the TrapDoor supply chain poisoning campaign, spanning the npm, PyPI, and Crates.io ecosystems with over 34 malicious packages and 384 versions. Attackers targeted developers in the cryptocurrency, DeFi, Solana, AI, and security sectors, using each ecosystem's native execution mechanisms—npm's postinstall hooks, PyPI's import entry points, and Crates.io's build.rs scripts—to automatically exfiltrate sensitive data such as SSH keys, blockchain wallet configurations, cloud credentials, and browser session states.

SlowMist's MistEye system conducted in-depth analysis of three representative samples: git-config-sync (PyPI), token-usage-tracker (npm), and sui-framework-helpers (Crates.io). The Python and npm samples shared the remote configuration domain ddjidd564.github.io, and the npm sample also used the attack marker P-2024-001. The Rust sample overlapped in targeting but did not share code infrastructure with the other two.

Attackers leveraged legitimate services such as GitHub Pages, GitHub Raw, and webhook.site to evade detection. Only the npm sample included persistence mechanisms, via modifications to .cursorrules, CLAUDE.md, Git hooks, and shell RC files; the Python and Rust samples acted as one-time stealers. IOCs have been integrated into MistEye's threat intelligence database.

Key facts

  • 34+ malicious packages across npm, PyPI, Crates.io with 384 versions
  • Targets: crypto, DeFi, Solana, AI, security developers
  • Uses native hooks (postinstall, import, build.rs) for auto-execution
  • Exfiltrates SSH keys, wallet configs, cloud credentials, browser sessions
  • Only npm package has persistence via .cursorrules, CLAUDE.md, Git hooks
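As an added defender-side example (not code from the KeyAudit page or from SlowMist's MistEye), the script below audits a checkout for the execution hooks and persistence files described above: npm lifecycle scripts in package.json, Cargo build.rs scripts, and the write-up's indicators inside .cursorrules, CLAUDE.md, Git hooks and shell RC files. The sample tree it builds is constructed for illustration, and the indicator list is illustrative rather than exhaustive.

```python
# Added example (not from the KeyAudit page or SlowMist): audit a checkout for the
# install-time hooks and persistence files named in the TrapDoor write-up.
import json
import tempfile
from pathlib import Path

IOC_STRINGS = ("ddjidd564.github.io", "P-2024-001", "webhook.site")  # from the write-up
LIFECYCLE_SCRIPTS = ("preinstall", "install", "postinstall", "prepare")
PERSISTENCE_FILES = (".cursorrules", "CLAUDE.md", ".bashrc", ".zshrc")  # plus .git/hooks/*

def find_install_hooks(root):
    """Return (path, reason) pairs for packages that run code at install/build time."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.name == "package.json":
            try:
                data = json.loads(path.read_text())
            except (ValueError, OSError):
                continue
            scripts = data.get("scripts", {}) if isinstance(data, dict) else {}
            for name in LIFECYCLE_SCRIPTS:
                if name in scripts:
                    findings.append((str(path), f"npm {name}: {scripts[name]}"))
        elif path.name == "build.rs":  # Cargo runs build scripts during `cargo build`
            findings.append((str(path), "cargo build script"))
    return findings

def find_ioc_hits(root):
    """Scan agent rule files, Git hooks and shell RC files for known indicators."""
    hits = []
    for path in Path(root).rglob("*"):
        is_git_hook = ".git" in path.parts and "hooks" in path.parts
        if not path.is_file() or (path.name not in PERSISTENCE_FILES and not is_git_hook):
            continue
        text = path.read_text(errors="ignore")
        hits.extend((str(path), ioc) for ioc in IOC_STRINGS if ioc in text)
    return hits

def build_sample_tree():
    """Constructed sample: hooked npm package, crate with build.rs, tampered rule file and hook."""
    root = Path(tempfile.mkdtemp())
    pkg = root / "node_modules" / "token-usage-tracker"
    pkg.mkdir(parents=True)
    (pkg / "package.json").write_text(json.dumps({"scripts": {"postinstall": "node setup.js"}}))
    (root / "vendor" / "sui-framework-helpers").mkdir(parents=True)
    (root / "vendor" / "sui-framework-helpers" / "build.rs").write_text("fn main() {}")
    (root / ".cursorrules").write_text("# load rules from https://ddjidd564.github.io/cfg\n")
    (root / ".git" / "hooks").mkdir(parents=True)
    (root / ".git" / "hooks" / "pre-commit").write_text("# beacon: https://webhook.site/placeholder\n")
    return root
```

Running `find_install_hooks` and `find_ioc_hits` over a real project root (with node_modules and vendored crates present) lists every package that executes at install time and every persistence file carrying one of the indicators.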

KeyAudit data perspective

📊 KeyAudit data: Base historical leak records: 562404
