TrapDoor supply-chain attack steals passwords from developers
Researchers have discovered a coordinated supply-chain attack dubbed TrapDoor. The attackers spread credential-stealing malware through npm, PyPI and Crates.io, and developers install it unwittingly. The campaign began on May 22, 2026 and so far comprises 34 malicious package names across 384 published versions. The malware collects secrets such as crypto wallets, SSH keys, cloud tokens, browser data and environment variables, and establishes persistence on infected systems.
Developers are exposed through automatic dependency resolution. When a project declares its dependencies with floating version ranges instead of pinned versions, every build or install fetches the newest matching release of each reusable component from the public registries without anyone reviewing it. A malicious package that has entered a project's dependency tree under a legitimate-looking name is therefore downloaded automatically, and its installation hooks run on the developer's machine the first time the project is installed or built.
Scope and timeline
The attack started on May 22, 2026 at 20:20 UTC, when a group of accounts published new packages on all three major registries within a short period. Subsequent waves added dozens of variants; according to The Hacker News, the campaign now counts 34 unique names and 384 releases. A different group previously used the name “TrapDoor” for an Android ad-fraud campaign, but that activity is unrelated to this attack.
Research by Socket.dev shows that the packages target developers in the cryptocurrency and AI sectors. The payload searches for secrets such as crypto-wallet files, SSH keys, cloud credentials, browser data and environment variables. The malware validates the AWS and GitHub tokens it steals and can use SSH to spread further.
List of malicious packages
Researchers have identified more than 30 names. Some recent examples:
- Crates.io: move-analyzer-build, sui-framework-helpers, sui-sdk-build-utils
- npm: async-pipeline-builder, defi-env-auditor, wallet-backup-verifier
- PyPI: cryptowallet-safety, defi-risk-scanner, eth-security-auditor
The complete list is in the documentation on the Socket website.
Implications for developers
Because the malware hides behind legitimate-looking names and runs from the registries' standard installation hooks, developers who install or import these packages risk leaking their credentials at install time, before any of the package's code is ever called. The persistence mechanisms raise the chance that an attacker keeps access after the initial infection. Projects that depend on npm, PyPI or Crates.io should review recently added or unfamiliar dependencies, commit lockfiles with pinned versions, verify package signatures or hashes where the registry supports them, and consider disabling install-time scripts.
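As an added example (not code from Socket, The Hacker News or the article author), the following Python script checks a project against the three risks described above and in the opening paragraphs: floating version ranges that let the next install pull a newly published release, dependencies that run install-time hooks, and the package names quoted in this article. The blocklist holds only the nine example names listed above (the full list is on Socket's site); the `package.json`, `package-lock.json`, `requirements.txt` and `Cargo.lock` contents at the bottom are constructed sample input. The npm hook check relies on the `hasInstallScript` flag that npm 7 and later writes into `package-lock.json` for packages that declare preinstall, install or postinstall scripts.

```python
"""Dependency audit for the TrapDoor package names quoted in the article.

Added example, not code from Socket, The Hacker News or the article author.
BLOCKLIST holds only the nine example names the article lists; the full list
lives on Socket's site. The sample manifests at the bottom are constructed."""
import json
import re

BLOCKLIST = {
    "npm": {"async-pipeline-builder", "defi-env-auditor", "wallet-backup-verifier"},
    "pypi": {"cryptowallet-safety", "defi-risk-scanner", "eth-security-auditor"},
    "crates.io": {"move-analyzer-build", "sui-framework-helpers", "sui-sdk-build-utils"},
}

# An exact semver pin; anything else (^, ~, *, >=, ranges) floats to the newest matching release.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def floating_npm_specs(package_json_text):
    """Return {dep: range} for package.json dependencies not pinned to one exact version."""
    manifest = json.loads(package_json_text)
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    return {name: spec for name, spec in deps.items() if not EXACT_SEMVER.match(spec)}


def npm_lock_packages(lock_text):
    """Yield (name, version, has_install_hook) from package-lock.json (lockfileVersion 2 or 3).
    npm 7+ sets hasInstallScript when a package declares preinstall/install/postinstall."""
    lock = json.loads(lock_text)
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project entry
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", ""), bool(meta.get("hasInstallScript"))


def pip_requirements(req_text):
    """Yield (name, spec) from requirements.txt, name normalised the way PyPI compares names."""
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and option lines such as -r / --index-url
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if m:
            yield re.sub(r"[._]+", "-", m.group(1)).lower(), m.group(2).strip()


def cargo_lock_packages(lock_text):
    """Yield (name, version) from Cargo.lock [[package]] tables (minimal TOML reading)."""
    name = version = None
    for raw in lock_text.splitlines() + ["[[package]]"]:  # sentinel flushes the last table
        line = raw.strip()
        if line == "[[package]]":
            if name:
                yield name, version
            name = version = None
        elif line.startswith("name = "):
            name = line.split("=", 1)[1].strip().strip('"')
        elif line.startswith("version = "):
            version = line.split("=", 1)[1].strip().strip('"')


def audit(package_json_text, npm_lock_text, req_text, cargo_lock_text):
    """Return sorted finding strings; an empty list means nothing matched."""
    findings = []
    for dep, spec in floating_npm_specs(package_json_text).items():
        findings.append(f"npm: {dep} uses floating range {spec!r}; pin it and commit the lockfile")
    for name, version, hook in npm_lock_packages(npm_lock_text):
        if name in BLOCKLIST["npm"]:
            findings.append(f"npm: {name}@{version} is on the TrapDoor list")
        elif hook:
            findings.append(f"npm: {name}@{version} runs an install script; review it or use --ignore-scripts")
    for name, spec in pip_requirements(req_text):
        if name in BLOCKLIST["pypi"]:
            findings.append(f"pypi: {name} {spec} is on the TrapDoor list")
        elif not spec.startswith("=="):
            findings.append(f"pypi: {name} {spec or '(unpinned)'} is not pinned to one version")
    for name, version in cargo_lock_packages(cargo_lock_text):
        if name in BLOCKLIST["crates.io"]:
            findings.append(f"crates.io: {name} {version} is on the TrapDoor list")
    return sorted(findings)


# Constructed sample input: a small project that pulls in one package from each registry's example list.
SAMPLE_PACKAGE_JSON = json.dumps({"name": "demo", "dependencies": {
    "example-logger": "1.3.0", "async-pipeline-builder": "^1.0.0"}})
SAMPLE_NPM_LOCK = json.dumps({"name": "demo", "lockfileVersion": 3, "packages": {
    "": {"name": "demo"},
    "node_modules/example-logger": {"version": "1.3.0"},
    "node_modules/async-pipeline-builder": {"version": "1.4.2", "hasInstallScript": True},
    "node_modules/native-helper": {"version": "2.0.0", "hasInstallScript": True}}})
SAMPLE_REQUIREMENTS = "requests==2.32.3\ndefi-risk-scanner>=0.1  # looked useful\nnumpy\n"
SAMPLE_CARGO_LOCK = 'version = 3\n\n[[package]]\nname = "serde"\nversion = "1.0.200"\n\n[[package]]\nname = "sui-sdk-build-utils"\nversion = "0.3.1"\n'


def run_demo():
    """Run the audit over the constructed sample project and return its findings."""
    return audit(SAMPLE_PACKAGE_JSON, SAMPLE_NPM_LOCK, SAMPLE_REQUIREMENTS, SAMPLE_CARGO_LOCK)


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

To use it on a real repository, read the four files from disk and pass their contents to `audit`. The script only matches the example names from this article, so replace `BLOCKLIST` with the complete list from Socket before relying on it. It also does not replace the install-time controls themselves: run `npm ci --ignore-scripts`, `pip install --require-hashes -r requirements.txt` and `cargo build --locked` in CI so that a lockfile mismatch or an unexpected install hook fails the build rather than silently pulling a new release.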