Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Briefly

"Socket reported that the affected packages were published in waves starting on May 22 and then were updated throughout the following weekend. The packages stood out due to their nature, as they allegedly represented generic developer tools and appeared in quick succession across different registries. This gives the campaign broad reach across adjacent developer communities where crypto wallets, cloud credentials, Github tokens, and SSH keys are likely to be present, socket assessed."

"Researchers at Socket, a company that specializes in preventing supply chain attacks, have identified a broad campaign targeting crypto developers using infected packages across npm, PyPI, and Crates.io. Dubbed Trapdoor, the supply chain attack spans 34 packages across these development environments, encompassing over 384 versions, with some still available."

"The infected packages invade the development environment of crypto developers, leveraging these alleged open-source tools, taking hold of secrets, crypto wallets, secure shell (SSH) keys, and other relevant data. Trapdoor infected packages also try to leverage AI tools to collaborate with their attack, using directive files to trick AI coding tools to run a security scan and exfiltrate highly sensitive data."

"Socket stated that while this technique could not work consistently across all AI tools and models, its presence shows that attackers are actively experimenting with AI development environments as part of sup"