- The malware spread via npm, PyPI, and Rust packages in coordinated waves.
- It steals crypto wallets, SSH keys, and cloud developer credentials.
- AI coding tools have also been targeted by malicious configuration files.
The coordinated malware campaign known as TrapDoor hit software ecosystems widely used by cryptocurrency and blockchain developers.
Security researchers It identified dozens of malicious packages spread across major open source repositoriesall designed to steal sensitive developer data such as wallet keys, cloud credentials, and source code access tokens.
Instead of a single malicious upload, attackers spread multiple packages in waves using different accounts.
This approach made activity more difficult to detect in the early stages and allowed the malware to integrate into routine dependency updates.
A coordinated attack across major developer ecosystems
Operation TrapDoor affected at least three major ecosystems: npm, PyPI, and Crates.io.
Together, researchers identified more than 30 malicious packages and more than 300 affected versions that were distributed over a short period.
Activity reportedly began around May 22, 2026 GitHub reported Unauthorized access to internal repositories on May 20. It then escalated rapidly over the following days.
The packages were not isolated incidents. Instead, it appeared to be part of a coordinated release strategy involving multiple developer accounts.
This structure suggests planning rather than opportunistic abuse. Each packet exhibits similar behavior patterns and indicates a common malicious framework used by attackers.
How TrapDoor malware works inside developers’ systems
Once installed, TrapDoor packages are automatically executed through the standard build and installation processes used in modern development environments.
In JavaScript packages, malicious code is run through post-installation scripts, which run immediately after the dependency is added.
In Python packages, malware can be activated during import, allowing it to execute without any explicit function call.
Rust packages use build scripts to achieve the same result during compilation.
After execution, the malware scans local systems for valuable data. This includes SSH keys, API tokens, and configuration files commonly used in cloud and blockchain development workflows.
It also targets credentials stored in the browser and environment variables, which often contain sensitive authentication data.
The stolen information is then sent to external servers controlled by the attackers.
In some cases, malware attempts to maintain persistence by modifying startup processes or inserting malicious hooks into development tools.
Targeting focused on encryption and theft of high-value data
What makes this campaign particularly concerning is its focus on development environments associated with cryptocurrencies.
The malware specifically looks for files related to crypto wallets and credentials associated with platforms such as Coinbasemeta mask, BinanceAnd Solana-based tools.
It also targets cloud infrastructure credentials from service providers such as AWS and GitHub access tokens.
They are particularly valuable because they can provide attackers with direct access to private repositories, deployment pipelines, and backend systems.
Additionally, the malware attempts to collect SSH keys that may allow remote access to developer machines or production servers.
This combination of targets gives attackers a wide range of entry points into personal and enterprise systems.
AI development tools are also under pressure
One of the most unusual elements of the TrapDoor campaign is its interaction with AI-powered development environments.
Some malicious packages include configuration files designed to influence programming assistants and automated development tools.
Files such as .cursorrules and CLAUDE.md have reportedly been used to manipulate AI coding assistants to perform actions that may reveal sensitive information.
Instead of directly compromising the systems, the attackers tried to exploit how the AI tools interpreted the project’s instructions.
This approach reflects a shift in attack methods.
Rather than targeting just code implementation, the campaign also attempts to influence the workflow of developers who rely on suggestions generated by artificial intelligence and automated analysis.
